Rails 3 cookie sessions can cooperate with Flash. It’s a pain in the ass, but it is possible.
I just pushed up a small gem called flash_cookie_session that’s useful for Flash-based file uploaders (SWFUpload, Uploadify, Plupload, etc) that need to cooperate with Rails.
The problem is that Rails uses cookie-based sessions to keep track of the current_user, etc. You may also have to worry about the authenticity_token being passed around if you’re using protect_from_forgery and you’d like to avoid those pesky InvalidAuthenticityToken errors.
There are many, many blog posts about this: http://www.google.co.uk/search?q=rails+flash+upload
There are many possible solutions. This gem represents a meager attempt to make this all a bit easier to deal with in Rails 3. No need for special routes, no need to manually configure FlashSessionCookieMiddleware, etc.
The installation instructions and more information can be found here: http://github.com/trevorturk/flash_cookie_session