Rails 2.0.2 broke non-cookie based session support
Non-cookie-based sessions used to work with Rails 1.2.6. I just wasted a couple of hours figuring this out. Some googling reveals Rails 2.0.2 broke this… WTF!?
From the Rails docs:
:cookie_only – if true (the default), session IDs will only be accepted from cookies and not from the query string or POST parameters. This protects against session fixation attacks.
But it doesn’t work!!!
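An added example, not code from the original post or from Rails itself: a toy session layer showing what the quoted :cookie_only option guards against, and why anyone who turns it off needs to issue a fresh session ID at login. `ToySessionStore`, the `_session_id` parameter name and the `rotate_on_login` switch are assumptions made for the illustration.

```ruby
require 'securerandom'

# Toy model of session-ID handling (constructed; not Rails internals).
class ToySessionStore
  def initialize(cookie_only:, rotate_on_login: false)
    @cookie_only = cookie_only
    @rotate_on_login = rotate_on_login
    @sessions = {} # session id => session data
  end

  # Pick the session for a request. With cookie_only, an id supplied in the
  # query string or POST parameters is ignored. Unknown ids get a fresh one.
  def load(cookies: {}, params: {})
    sid = cookies['_session_id']
    sid ||= params['_session_id'] unless @cookie_only
    sid = SecureRandom.hex(16) unless @sessions.key?(sid)
    [sid, (@sessions[sid] ||= {})]
  end

  # Authenticate the request's session. Rotating the id here is the same idea
  # as calling reset_session before marking a Rails session as logged in.
  def login(user, cookies: {}, params: {})
    sid, data = load(cookies: cookies, params: params)
    if @rotate_on_login
      @sessions.delete(sid)
      sid = SecureRandom.hex(16)
      data = @sessions[sid] = {}
    end
    data[:user] = user
    sid
  end

  def user_for(sid)
    (@sessions[sid] || {})[:user]
  end
end

# Which user does a pre-issued id map to after someone else logs in through
# a request that carried that id as a parameter? nil means the id is useless.
def fixation_outcome(**opts)
  store = ToySessionStore.new(**opts)
  planted, = store.load                                      # id issued earlier
  store.login('alice', params: { '_session_id' => planted }) # id arrives via params
  store.user_for(planted)
end

p fixation_outcome(cookie_only: false)                        # "alice"
p fixation_outcome(cookie_only: true)                         # nil
p fixation_outcome(cookie_only: false, rotate_on_login: true) # nil
```
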


