This repository has been archived by the owner on May 16, 2021. It is now read-only.

HTTP_VERSION in SessionHijacking #6

Closed
@carlosjhr64

Description

When Sinatra bumped up to 1.3, the sinatra project I was working on began to lose its session. I've traced the problem to Rack::Protection. I'm experimenting with OpenID and holding the id in the session. It's the job of SessionHijacking to drop the session whenever one of its tracked "profiles" changes.

My HTTP_VERSION changes back and forth from 1.0 to 1.1. All the others being tracked stay the same. This is something that happens when the application runs on heroku.com (have not been able to duplicate on my local machine). It happens during the OpenID exchange, on posts... and maybe just a bit randomly, can't say for sure but makes the webapp unusable.

I think it's Heroku's proxy. Is that possible?

Firstly, I'm looking for where I can set these tracked keys (could not see how right away).
In general though, is HTTP_VERSION a good "fingerprint"?
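
The behaviour reported above can be reproduced with a small model of fingerprint-based session tracking. This is an added example, not part of the original issue and not rack-protection's source: `FingerprintGuard`, `replay` and the request data are hypothetical and constructed. It shows the session being dropped when `HTTP_VERSION` flips between requests, and surviving when that key is not tracked.

```ruby
require 'digest/sha1'

# Simplified model of fingerprint-based session tracking (hypothetical
# class, not rack-protection's source): remember a digest of each tracked
# request header and clear the session when any of them changes.
class FingerprintGuard
  def initialize(track)
    @track = track
  end

  # Returns true if the session was kept, false if it was dropped.
  def check(env, session)
    seen = (session[:tracking] ||= {})
    changed = @track.any? do |key|
      digest = Digest::SHA1.hexdigest(env[key].to_s)
      seen.key?(key) && seen[key] != digest
    end
    session.clear if changed
    # Record the current values so the next request is compared to them.
    tracking = (session[:tracking] ||= {})
    @track.each { |k| tracking[k] = Digest::SHA1.hexdigest(env[k].to_s) }
    !changed
  end
end

# Replays requests against one session and reports which ones kept it.
def replay(track, requests)
  guard = FingerprintGuard.new(track)
  session = { openid: 'https://id.example/alice' } # constructed value
  kept = requests.map { |env| guard.check(env, session) }
  { kept: kept, logged_in: session.key?(:openid) }
end

# Constructed requests: same browser, but the protocol version seen by the
# app flips between requests, as described in the report above.
UA = 'Mozilla/5.0 (constructed sample)'
REQUESTS = %w[HTTP/1.1 HTTP/1.0 HTTP/1.1].map do |v|
  { 'HTTP_USER_AGENT' => UA, 'HTTP_VERSION' => v }
end

WITH_VERSION    = replay(%w[HTTP_USER_AGENT HTTP_VERSION], REQUESTS)
WITHOUT_VERSION = replay(%w[HTTP_USER_AGENT], REQUESTS)
```
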
