trevorturk / flash_cookie_session

Rails 3 cookie sessions can cooperate with Flash

Doesn't work for unique session IDs or remember tokens #8

Closed iwasrobbed closed 13 years ago

iwasrobbed commented 13 years ago

Issue 1: Unique session IDs

If you use the Rails generator to generate a new app for you with a given name, it will automatically generate a unique cookie session ID for you in the /config/initializers/session_store.rb file, which breaks this gem's method of generically calling it _session_id.

This quick fix will allow it to always use the session ID that Rails knows about:

def initialize(app, session_key = Rails.application.config.session_options[:key])

Issue 2: Remember cookies

Another issue I had was that we use cookies for when users check a "Keep me logged in" box during login, and these cookies are stored as "remember_token". If this does not get passed in, the server cannot validate those users and this process fails.

I would recommend adding an option to allow them to pass in a param called "remember_token" since this is a pretty widely used design practice and you're likely to run into this often.

You would then have to build up the HTTP_COOKIE object to include both the session ID as well as this remember token.

This is kind of ugly, but hopefully you understand it and it works for both scenarios where the user has a Remember token or if they don't:

  def call(env)
    if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/
      req = Rack::Request.new(env)
      # Build each cookie pair only when its param was passed in
      the_session_key = [ @session_key, req.params[@session_key] ].join('=').freeze if req.params[@session_key]
      the_remember_token = [ 'remember_token', req.params['remember_token'] ].join('=').freeze if req.params['remember_token']
      # compact drops a missing pair so no stray ';' ends up in the header
      cookie_with_remember_token_and_session_key = [ the_remember_token, the_session_key ].compact.join(';').freeze
      # Only replace the cookie header when at least one pair was passed in
      env['HTTP_COOKIE'] = cookie_with_remember_token_and_session_key unless cookie_with_remember_token_and_session_key.empty?
      env['HTTP_ACCEPT'] = "#{req.params['_http_accept']}".freeze if req.params['_http_accept']
    end
    @app.call(env)
  end
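
The cookie rebuilding described in this issue, as an added example that is not part of the original comment or the gem's own code: a stand-alone Rack-style middleware that takes the forwarded cookie names as an option, skips absent ones and re-encodes each value. The class name, the `cookie_names` option, the `cookie_seen` helper and the sample values are assumptions made up for the illustration, and it reads only the query string so that it runs without the rack gem.

```ruby
require 'uri'

# Added example, not the gem's code: rebuild HTTP_COOKIE for Flash requests
# from an allow-list of request parameters (hypothetical cookie_names option).
class FlashCookieParams
  FLASH_UA = /\A(Adobe|Shockwave) Flash/

  # '_session_id' stands in for the app's real session key, i.e.
  # Rails.application.config.session_options[:key] in a Rails 3 app.
  def initialize(app, cookie_names = ['_session_id', 'remember_token'])
    @app = app
    @cookie_names = cookie_names
  end

  def call(env)
    if env['HTTP_USER_AGENT'] =~ FLASH_UA
      params = query_params(env)
      pairs = @cookie_names.map do |name|
        value = params[name]
        next if value.nil? || value.empty?
        # Re-encode so ';', '=' or spaces in a value cannot add extra pairs.
        "#{name}=#{URI.encode_www_form_component(value)}"
      end.compact
      # Leave an existing Cookie header alone when nothing was passed in.
      env['HTTP_COOKIE'] = pairs.join('; ') unless pairs.empty?
    end
    @app.call(env)
  end

  private

  # Assumption: parameters arrive in the query string (stdlib only, no rack).
  def query_params(env)
    URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
  rescue ArgumentError
    {} # malformed percent-encoding: treat as no parameters
  end
end

# Constructed demo: the inner app echoes the Cookie header it received.
def cookie_seen(user_agent, query_string, existing_cookie = nil)
  env = { 'HTTP_USER_AGENT' => user_agent, 'QUERY_STRING' => query_string }
  env['HTTP_COOKIE'] = existing_cookie if existing_cookie
  app = ->(e) { [200, {}, [e['HTTP_COOKIE'].to_s]] }
  FlashCookieParams.new(app).call(env)[2].first
end
```

Because the session ID and remember token travel as request parameters here, they are credentials wherever those parameters are recorded, so both names belong in the application's parameter filtering for logs.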

trevorturk commented 13 years ago

Closing in favor of the pull request