From f31dc4a93e242b599f113c7f550c8955aaad7d68 Mon Sep 17 00:00:00 2001
From: Screeny <screeny05@gmail.com>
Date: Tue, 19 Nov 2013 10:45:09 +0100
Subject: [PATCH] step 1

---
 lib/index.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/index.js b/lib/index.js
index 3813b1d..47dffe9 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -35,13 +35,13 @@ function authorize(options) {
 
   return function(data, accept){
     data.cookie = parseCookie(auth, data.headers.cookie || '');
-    data.sessionID = data.cookie[auth.key] || '';
+    data.sessionID = data.query.session_id || data.cookie[auth.key] || '';
     data[auth.userProperty] = {
       logged_in: false
     };
 
-    if(data.xdomain)
-      return auth.fail(data, 'Can not read cookies from CORS-Requests.', false, accept);
+    if(data.xdomain && !data.sessionID)
+      return auth.fail(data, 'Can not read cookies from CORS-Requests. See CORS-Workaround in the readme.', false, accept);
 
     auth.store.get(data.sessionID, function(err, session){
       if(err)