In one of the projects I had been working on, I needed to upload a file with Flash. Unfortunately Flash doesn't pass any session information to the upload request, so it never got past the authentication filter set up in the application controller.
The obvious solution was to pass the necessary session information along with the requested URL as a GET param. Rails 2.x+ uses a cookie-based session store, which I wasn't too fond of, as it meant I had to pass the entire session.
So I switched to an active record store to pass only the session id (request.session_options[:id]):
rake db:sessions:create
Then added the following to the environment.rb file:
config.action_controller.session_store = :active_record_store
And in the controller where the upload took place:
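prepend_before_filter :create_session_from_params, :only => [:my_flash_upload_method]

def my_flash_upload_method
  # save file for the logged in user
end

private

# Flash sends no session cookie, so copy the data of the session named by
# params[:sid] into the current session before the authentication filter runs.
def create_session_from_params
  record = ActiveRecord::SessionStore::Session.find_by_session_id(params[:sid])
  return unless record # unknown or missing sid: leave the request unauthenticated
  record.data.each { |k, v| session[k] = v }
end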
And that's it. I can now read the session information as if it's a normal request.
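An alternative to putting the session id itself in the query string, where it ends up in access logs: a short-lived HMAC-signed token that only identifies the user. This is an added example, not code from the original post; the `UploadToken` module, the TTL and the sample secret are assumptions.

```ruby
require 'openssl'

# Hypothetical helper (not part of Rails): a signed, short-lived upload token.
module UploadToken
  TTL = 120 # seconds a token stays valid (assumed value)

  def self.sign(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, payload)
  end

  # Called while rendering the page that embeds the Flash uploader.
  def self.issue(user_id, secret, now = Time.now)
    payload = "#{user_id}.#{now.to_i + TTL}"
    "#{payload}.#{sign(payload, secret)}"
  end

  # Returns the user id for a valid, unexpired token, otherwise nil.
  def self.verify(token, secret, now = Time.now)
    user_id, expires, mac = token.to_s.split('.', 3)
    return nil unless user_id =~ /\A\d+\z/ && expires =~ /\A\d+\z/ && mac
    return nil unless secure_equal?(mac, sign("#{user_id}.#{expires}", secret))
    return nil if now.to_i > expires.to_i
    user_id.to_i
  end

  # Constant-time comparison so the MAC check does not leak via timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample values, for illustration only.
SECRET = 'constructed-demo-secret'
T0 = Time.at(1_700_000_000)
TOKEN = UploadToken.issue(42, SECRET, T0)
```

In `create_session_from_params`, the filter would call `UploadToken.verify` on the token parameter and set the user in the session only when the result is non-nil; the parameter name and session key are left to the application.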