Bertg · November 18, 2009 10:43 · pavelvasev · Sep 12, 2011
diff --git a/flash_session_cookie_middleware.rb b/flash_session_cookie_middleware.rb
 # FlashSessionCookieMiddleware
 #   passing your session in the URI, when it should be in the cookie
 # 
 #
 # By Bert Goethals: (https://www.twitter.com/bertgoethals)
 # Based on code by Rob Anderton (http://thewebfellas.com/blog/2008/12/22/flash-uploaders-rails-cookie-based-sessions-and-csrf-rack-middleware-to-the-rescue)
 #
 # This code has no licence what so ever, you are free to use it how you want, as
 #   long as you don't blame me when your code breaks.
 #
 # This code only works in following cases:
 # - passing the session as the variable for 'session_key' (it is best to set this to your app's session cookie name
 # - the value is URI escaped once, (don't do it explicetally if using rails helpers, they do it for you)
 # - Loading this middleware before session_store middleware
 #
 # Note, this could work also after session_store middleware (or others).
 # However, these could already have modified the cooky values, and this module
 # could become unstable because of that, and it's functioning can not be
 # guaranteed.
 #

 require 'rack/utils'

 class FlashSessionCookieMiddleware
  def initialize(app, session_key = '_session_id')
    @app = app
    @session_key = session_key
  end

  # Imagine the session_key value being:
  # => "ABC+123"
  # The session in the URL is url encoded:
  # => "ABC%B2123"
  # after ::Rack::Utils our params[@session_key] is:
  # => "ABC+123"
  # this is NOT expected behaviour!!!
  # When the session store is running trough the cookie it will escape the
  # cookie values. See lib/rack/request.rb (Rack gem) in the cookie method:
  # => "ABC 123"
  #
  # So we are supposed to put the escaped value in the cookie.
  #
  def call(env)
    if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/
      params = ::Rack::Utils.parse_query(env['QUERY_STRING'])
      env['HTTP_COOKIE'] = [ @session_key, ::Rack::Utils.escape(params[@session_key]) ].join('=').freeze unless params[@session_key].nil?
    end
    @app.call(env)
  end

 end
	# FlashSessionCookieMiddleware
	# passing your session in the URI, when it should be in the cookie
	#
	#
	# By Bert Goethals: (https://www.twitter.com/bertgoethals)
	# Based on code by Rob Anderton (http://thewebfellas.com/blog/2008/12/22/flash-uploaders-rails-cookie-based-sessions-and-csrf-rack-middleware-to-the-rescue)
	#
	# This code has no licence what so ever, you are free to use it how you want, as
	# long as you don't blame me when your code breaks.
	#
	# This code only works in following cases:
	# - passing the session as the variable for 'session_key' (it is best to set this to your app's session cookie name
	# - the value is URI escaped once, (don't do it explicetally if using rails helpers, they do it for you)
	# - Loading this middleware before session_store middleware
	#
	# Note, this could work also after session_store middleware (or others).
	# However, these could already have modified the cooky values, and this module
	# could become unstable because of that, and it's functioning can not be
	# guaranteed.
	#

	require 'rack/utils'

	class FlashSessionCookieMiddleware
	def initialize(app, session_key = '_session_id')
	@app = app
	@session_key = session_key
	end

	# Imagine the session_key value being:
	# => "ABC+123"
	# The session in the URL is url encoded:
	# => "ABC%B2123"
	# after ::Rack::Utils our params[@session_key] is:
	# => "ABC+123"
	# this is NOT expected behaviour!!!
	# When the session store is running trough the cookie it will escape the
	# cookie values. See lib/rack/request.rb (Rack gem) in the cookie method:
	# => "ABC 123"
	#
	# So we are supposed to put the escaped value in the cookie.
	#
	def call(env)
	if env['HTTP_USER_AGENT'] =~ /^(Adobe\|Shockwave) Flash/
	params = ::Rack::Utils.parse_query(env['QUERY_STRING'])
	env['HTTP_COOKIE'] = [ @session_key, ::Rack::Utils.escape(params[@session_key]) ].join('=').freeze unless params[@session_key].nil?
	end
	@app.call(env)
	end

	end