me.stub!(:code!)

Apr 13 2009

rails cookie session store

At first, I really loved the Rails CookieStore for sessions… it seemed so elegant and carefree to let the client take care of its own data. Actually, I still like the idea a lot and it works well in most cases.

One problem: if you want to iframe/widgetize your site on another, you’ll have trouble. The security “features” of many browsers (such as Safari) will ignore Set-Cookie headers from domains other than the site you navigate to. The cookies in the CookieStore sessions are constantly changing on the server side, but will never get set on the client… as a result, the user state breaks.

So… memcached (or any server-side session store) to the rescue. Set the session “key” once on the client (I think browsers will honor the Set-Cookie header for a `<script src="…"/>` request) and go from there!
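The difference can be reproduced without a browser. The following Ruby sketch is an added example, not code from this post or from Rails: `CookieStoreApp`, `ServerStoreApp`, `simulate` and `SECRET` are hypothetical names, a Hash stands in for memcached, and the client is assumed to store only the first Set-Cookie and discard every later one.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

SECRET = 'constructed-demo-secret' # constructed value, not a real key

# Client-side store: the whole session travels in a signed cookie, so every
# state change needs a fresh Set-Cookie to reach the browser.
class CookieStoreApp
  def call(cookie)
    session = decode(cookie)
    session['count'] = session.fetch('count', 0) + 1
    data = [JSON.generate(session)].pack('m0')
    [session['count'], "#{data}--#{sign(data)}"]
  end

  private

  def sign(data)
    OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)
  end

  def decode(cookie)
    data, mac = cookie.to_s.split('--', 2)
    return {} unless data && mac && OpenSSL.secure_compare(mac, sign(data))
    JSON.parse(data.unpack1('m0'))
  end
end

# Server-side store (memcached in the post; a Hash stands in here): the cookie
# holds only an id, which never changes after the first response.
class ServerStoreApp
  def initialize
    @store = {}
  end

  def call(cookie)
    sid = @store.key?(cookie) ? cookie : SecureRandom.hex(16)
    session = (@store[sid] ||= {})
    session['count'] = session.fetch('count', 0) + 1
    [session['count'], sid]
  end
end

# One request whose Set-Cookie is stored (assumed), then `blocked` requests
# from an embedded frame whose Set-Cookie headers the browser discards.
def simulate(app, blocked: 3)
  count, jar = app.call(nil)
  [count] + Array.new(blocked) { app.call(jar).first }
end
```

`simulate(CookieStoreApp.new)` returns a counter that stalls after the second request because the stale cookie is replayed each time, while `simulate(ServerStoreApp.new)` keeps counting.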
