It appears that Ruby's CGI::Session class will not use the _session_id in the query string when the Request is a POST.
Normally, a POST-type request occurs when a form is submitted to the server (e.g. a Rails application). In this scenario, there is an easy workaround since we can send the _session_id as a hidden field.
With Flash 8, however, there is no way to add a 'hidden field' to the multi-part form data, thus Rails will fail to recognize the _session_id in the query string portion of our request.
Here is a hackish work-around:
Normally, a POST-type request occurs when a form is submitted to the server (e.g. a Rails application). In this scenario, there is an easy workaround since we can send the _session_id as a hidden field.
With Flash 8, however, there is no way to add a 'hidden field' to the multi-part form data, thus Rails will fail to recognize the _session_id in the query string portion of our request.
Here is a hackish work-around:
1 2 # The following code is a work-around for the 3 # Flash 8 bug that prevents our multiple file uploader 4 # from sending the _session_id. Here, we hack the 5 # Session#initialize method and force the session_id 6 # to load from the query string via the request uri. 7 # (Tested on Lighttpd) 8 9 class CGI::Session 10 alias original_initialize initialize 11 def initialize(request, option = {}) 12 session_key = option['session_key'] || '_session_id' 13 option['session_id'] = 14 request.env_table["REQUEST_URI"][0..-1]. 15 scan(/#{session_key}=(.*?)(&.*?)*$/). 16 flatten.first 17 original_initialize(request, option) 18 end 19 end
http://inquirylabs.com/downloads/get_session_id_from_query_string_on_post.rb