I'm doing some cross-domain JSONP work that requires a session, but Safari doesn't like third-party cookies, even if you use the ridiculous P3P protocol stuff that IE supports.
Rails generally requires cookies for storing session ids, but you can
get around that with by changing the
cookie_only session option to
false (it's true by default):
Now, if you have a URL parameter like
Rails will pick up on that and initialize the session using that
id. Do be aware that this increases the liklihood of session fixation
attacks, so determine if
that's an acceptable tradeoff for your application.