You can avoid the middleware hack when using flash in rails with logged in users.
As you should know, the browser doesn’t share the session with flash. Before using devise, I was using a rack middleware to hack into user session.
But there is a much cleaner way if you use devise, you can use the built in feature :authentication_token.
More details on how are here.