AJAX request to Rails, does the target controller action have access to the same session as it would if it was visited in a browser?

When you get a GET or POST request to Ruby on Rails, does the target controller action have access to the same session as it would if it was visited in a browser?

For example, when I'm logged in to my app (using devise), I can acc开发者_StackOverflow中文版ess current_user as I visit different pages. But if I send a POST request to an action, does it have access to current_user? Or does it only have access to the variables that were sent with the request?

It has access to everything.

Beware of one detail: ajax sometimes fails to pass the authorize before filter.