Kolodvor

The simplest way to disable sessions in Rails is to use session ff (see ActionController::SessionManagement::ClassMethods).

session ff

To disable session suport only for a specific controller add session ff to that controller

class MyController < ApplicationController
    session  ff
end

Written like that, sessions are disabled for all actions on this controller.

Like filters, you can specify nly and :except clauses to restrict subset. The following code will disable session for first_action and third_action, but not for second_action.

class MyController < ApplicationController
  session  ff,  nly %w(first_action third_action)

  def first_action
  end

  def second_action
  end

  def third_action
  end
end

Same could be achived with session ff, :except => :second_action.

The session options are inheritable, so to disable sessions for the entire application add session ff to ApplicationController.

class ApplicationController < ActionController::Base
    session  ff
end

session :disabled => true

The downside of above approach is that if you disable sessions in ApplicationController with session ff you can't enable them later on.

But luckily there is a cure for that. Instead of session ff add this line session :disabled => true to ApplicationController.

class ApplicationController < ActionController::Base
    session :disabled => true
end

Now, you can re-enable session support in an inheriting controller with session :disabled => false.

class MyController < ApplicationController
    session :disabled => false
end

Further reading

• How to Change Session Options in RoR
• How to Per Action Session Options in RoR
• QuarkRuby: Sessions and cookies in Ruby on Rails

Technorati Tags: session, rails