rails: authlogic passing a session parameter to UserSession.find

Question

I'm passing the user session via a parameter (params['session_key']) for one controller (it's a flash upload script so I have to pass it via a param).

I don't know how to access the user session with authlogic by using the raw param string.

Normally I do this:

@current_user_session = UserSession.find

I thought I could do this:

@current_user_session = UserSession.find(session_key)

But passing the key as a parameter to the method doesn't appear to work.

Any idea how I look up the user session with authlogic when I can't access the session cookie and need to use a param with the session key?

Answer 1

In order to flash to get authenticated you need a "hack" that is quite tricky to get working.

don't know if you're using uploadify but you might need the same solution indicated here: http://thewebfellas.com/blog/2008/12/22/flash-uploaders-rails-cookie-based-sessions-and-csrf-rack-middleware-to-the-rescue

the only problem is, I never found a 100% working solution on the internet, I started with this post and solved the problem manually with quite a pain here at work.

As I recall, I added exception on protect_from_forgery to my tmp_uploader method

Another necessary thing was on the render for the method where I had to specifically indicate:

render :action => 'tmp_uploader.js.rjs'

There is also a problem with filters using respond_to method that my AppController used, also added the tmp_uploader method to his :except list

Sorry I can't recall exactly what else I had to do, but it really was a big pain.