I am wondering if anyone can help me. I've come across a bit of a sticky problem. I'm currently running a Facebook application which takes payment from users. In order to take payment securely we've had to break out of our app, from http://apps.facebook.com/<ourapplication> to https://facebook.ourapplication.com/payments/create for example.
Once the payment is created and there's no need for https anymore we push the user back into Facebook to continue using the app. Ideally we do everything inside Facebook but that isn't possible. Unfortunately this means we're generating flash messages on the secure pages and redirecting to a different domain, which means our flashes don't travel across both domains, and we get no flash message on return. Equally, when we return to the payment page a second time the confirmation flash appears, as it's the first hit on the original domain since we stored the flash. This all makes sense, but we need a workaround.
Is there any way to store session data and maintain state other than in cookies? Do you still require cookies even if you use ActionRecord::SessionStore? I was under the impression some other unique identifier could be determined from your browser build, time of first page access or something, OS, and stored along with the session data in the database rather than a unique identifier stored in a cookie. This might be me being deluded however and be utter rubbish.
Any ideas on how to solve this problem?