We are currently in the process of upgrading AMEEdiscover to Rails 3.1, which is good. However, Discover shares a session cookie with MyAMEE to provide single sign-on functionality. The way sessions are stored and signed has changed a little, so we’ve had to make some changes. For most of this, I followed this extremely good guide from Kabisa, but near the end I went a bit astray.
I was adding the patches as and when required, rather than just doing it all at once, so I hadn’t got round to patching the Rails 2 app to read session data from string keys instead of symbols. I sort of thought that it might not even be necessary; it’s a one-way flow of information from the Rails 2 app to the Rails 3 app, and the Rails 3 one was reading the symbol keys just fine. However, we started to get some very odd behaviour, in that the Rails 2 app couldn’t read the session after the Rails 3 one had accessed it.
What I eventually realised is that this is because Rails rewrites the session object completely each time, so Rails 3 was stringifying keys that it didn’t even care about and hadn’t used, which ended up breaking the Rails 2 app.
The solution was indeed to use the same keys for both apps, but I didn’t want to modify the Rails 2 app at all, so instead of the solution from Kabisa, I patched the session management in Rails 3 instead. The code I ended up using is available as a gist, should it be useful to anyone else.