From: Andi Scharfstein Date: 2008-09-17T03:24:05+09:00 Subject: [ruby-core:18635] CGI Session IDs Hello, having recently had to implement some web stuff just using the core libraries, I got bitten by the fact that CGI::Session.new will not respect a given session_id when creating a new session entirely from scratch, i.e. cgi = CGI.new("html4") sess = CGI::Session.new(cgi, "new_session" => true, "session_key" => "foo", "session_id" => "bar") will NOT create a session where sess.session_id == "bar", but rather a session where the session id is created by calling CGI::Session.create_new_id. This is still true for the most recent 1.9 version of session.rb. I was wondering if this was in fact the desired behaviour, since at least the old Pickaxe book seems to indicate otherwise: (quoting http://www.ruby-doc.org/docs/ProgrammingRuby/html/web.html) cgi = CGI.new("html3") sess = CGI::Session.new( cgi, "session_key" => "rubyweb", "session_id" => "9650", "new_session" => true, "prefix" => "web-session.") sess["CustID"] = 123 sess["Part"] = "ABC" "This will send a cookie to the user named ``rubyweb'' with a value of 9650. It will also create a disk file in $TMP/web-session.9650 with the key, value pairs for CustID and Part." Also, the library documentation has this to say: # session_id:: the session id to use. If not provided, then # it is retrieved from the +session_key+ parameter # of the request, or automatically generated for # a new session. What do you think? -- Bye: Andi S. mailto:mail@synchron.org