Ruby On Rails in UA/Программирование на ROR/swfupload и session id

Бьюсь над проблемой уже несколько дней.
Задача: организовать аплод файлов через swfupload. Так-как флеш не передает cookie, воспользовался хаком, который позволяет передавать session_id в параметрах.

Теперь привожу логи:
Processing VideoController#index (for 127.0.0.1 at 2008-07-24 19:19:14) [GET] Session ID: BAh7CDoMY3NyZl9pZCIlY2Q3ODNiN2RlZWE3ZWIzOWFlMDc2OWZmZDFjMTc0 Mzg6DHVzZXJfaWRpBiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxh c2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA==--83ebb25e87e6351241098c3859fa9094faecf015 Parameters: {"action"=>"index", "controller"=>"video"} Video Load (0.000000) SELECT * FROM `videos` ORDER BY created_at DESC Tag Load (0.000000) SELECT tags.id, tags.name, COUNT(*) AS count FROM `tags` INNER JOIN taggings ON tags.id = taggings.tag_id INNER JOIN videos ON videos.id = taggings.taggable_id WHERE (taggings.taggable_type = 'Video') GROUP BY tags.id, tags.name HAVING COUNT(*) > 0 Rendering template within layouts/application Rendering video/index Video Columns (0.000000) SHOW FIELDS FROM `videos` Attachment Load (0.000000) SELECT * FROM `attachments` WHERE (`attachments`.video_id = 3) LIMIT 1 Attachment Columns (0.000000) SHOW FIELDS FROM `attachments` Tag Load (0.000000) SELECT `tags`.* FROM `tags` INNER JOIN taggings ON tags.id = taggings.tag_id WHERE ((`taggings`.taggable_type = 'Video') AND (`taggings`.taggable_id = 3))  User Columns (0.000000) SHOW FIELDS FROM `users` User Load (0.000000) SELECT * FROM `users` WHERE (`users`.`id` = 1)  SQL (0.000000) SELECT count(*) AS count_all FROM `comments` WHERE (`comments`.commentable_id = 3 AND `comments`.commentable_type = 'Video')  CACHE (0.000000) SELECT count(*) AS count_all FROM `comments` WHERE (`comments`.commentable_id = 3 AND `comments`.commentable_type = 'Video')  Rendered video/_video (0.03100) Rendered video/_tagscloud (0.00000) User Load (0.000000) SELECT * FROM `users` WHERE (`users`.`id` = 1) LIMIT 1 Completed in 0.07800 (12 reqs/sec) | Rendering: 0.04600 (58%) | DB: 0.00000 (0%) | 200 OK [http://localhost/]

Это лог обычного обращения.

Processing AttachmentController#upload (for 127.0.0.1 at 2008-07-24 19:04:20) [POST] Session ID: BAh7CDoMdXNlcl9pZGkGOgxjc3JmX2lkIiVjZDc4M2I3ZGVlYTdlYjM5YWUwNzY5ZmZkMWMxNzQzOCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA==--75d5a0eee202d1ac55f4c11d4480d60d6aa19b20 Parameters: {"Filename"=>"charly.avi", "authenticity_token"=>"9eb496ae49074f03e8c448bd5c98029fe7665e35", "action"=>"upload", "Upload"=>"Submit Query", "_vimkz_session"=>"BAh7CDoMdXNlcl9pZGkGOgxjc3JmX2lkIiVjZDc4M2I3ZGVlYTdlYjM5YWUwNzY5ZmZkMWMxNzQzOCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA==--75d5a0eee202d1ac55f4c11d4480d60d6aa19b20", "id"=>"43", "controller"=>"attachment", "Filedata"=>#<File:C:/DOCUME~1/ch/LOCALS~1/Temp/CGI.2136.2>} ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/request_forgery_protection.rb:86:in `verify_authenticity_token' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:173:in `send' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:173:in `evaluate_method' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:161:in `call' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:430:in `call' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:592:in `run_before_filters' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:578:in `call_filters' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:573:in `perform_action_without_benchmark' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue' D:/rails/ruby/lib/ruby/1.8/benchmark.rb:293:in `measure' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/rescue.rb:201:in `perform_action_without_caching' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/caching/sql_cache.rb:13:in `perform_action' D:/rails/ruby/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/connection_adapters/abstract/query_cache.rb:33:in `cache' D:/rails/ruby/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/query_cache.rb:8:in `cache' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/caching/sql_cache.rb:12:in `perform_action' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:529:in `send' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:529:in `process_without_filters' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:569:in `process_without_session_management_support' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/session_management.rb:130:in `process' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:389:in `process' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:149:in `handle_request' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:107:in `dispatch' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:104:in `synchronize' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:104:in `dispatch' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:120:in `dispatch_cgi' D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:35:in `dispatch' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/bin/../lib/mongrel/rails.rb:76:in `process' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/bin/../lib/mongrel/rails.rb:74:in `synchronize' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/bin/../lib/mongrel/rails.rb:74:in `process' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:159:in `process_client' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:158:in `each' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:158:in `process_client' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:285:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:285:in `initialize' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:285:in `new' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:285:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:268:in `initialize' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:268:in `new' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel.rb:268:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel/configurator.rb:282:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel/configurator.rb:281:in `each' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel/configurator.rb:281:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/bin/mongrel_rails:128:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/lib/mongrel/command.rb:212:in `run' D:/rails/ruby/lib/ruby/gems/1.8/gems/mongrel-1.1.5-x86-mswin32-60/bin/mongrel_rails:281 D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:502:in `load' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:502:in `load' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:354:in `new_constants_in' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:502:in `load' D:/rails/ruby/lib/ruby/gems/1.8/gems/rails-2.1.0/lib/commands/servers/mongrel.rb:64 D:/rails/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `gem_original_require' D:/rails/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `require' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:509:in `require' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:354:in `new_constants_in' D:/rails/ruby/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/dependencies.rb:509:in `require' D:/rails/ruby/lib/ruby/gems/1.8/gems/rails-2.1.0/lib/commands/server.rb:39 D:/rails/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `gem_original_require' D:/rails/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `require' script/server:3 Rendering D:/rails/ruby/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/templates/rescues/layout.erb (unprocessable_entity)

А вот лог заливки файла флешем. Session id передается в одну строчку, без переводов строки, и я получаю InvalidAuthenticityToken. Вопрос: что делать?

А как тебе такой вариант
делаешь для пользователя ключ который будет однозначно его идентифицировать вместо сессий.
И потом при загрузке файла проверяешь это ключ если есть такой то файлик цепляешь на этого пользователя и все. И не привязываешься к сессии а к уникальному идентификатору пользователя.

А у меня запрос-то пойдет, без сессии? Помоему в рельсах 2, все POST запросы требуют наличие session id, или я не туда думаю?