Just a note on changes in Rails 2.0 which messes up a couple of tutorials on getting SWFUpload working with restful authentication.
The gist of it is that Flash cannot send cookie data so if you’re using a cookie based authentication mechanism, it will fail. The solution is to insert the session id into the query string and then hack CGI::Session to set the session id. A lot of tutorials have you insert this snippet into either environment.rb or lib/ but this no longer works with Rails 2.0+. Instead, you need to put it in the config/initializers folder.
Knowing that would have saved me about 5 hours worth of frustration.