The simplest way to disable sessions in Rails is to use session :off (see ActionController::SessionManagement::ClassMethods).
To disable session suport only for a specific controller add session :off to that controller
class MyController < ApplicationController session :off end
Written like that, sessions are disabled for all actions on this controller.
Like filters, you can specify :only and :except clauses to restrict subset. The following code will disable session for first_action and third_action, but not for second_action.
class MyController < ApplicationController session :off, :only %w(first_action third_action) def first_action end def second_action end def third_action end end
Same could be achived with session :off, :except => :second_action.
The session options are inheritable, so to disable sessions for the entire application add session :off to ApplicationController.
class ApplicationController < ActionController::Base session :off end
session :disabled => true
The downside of above approach is that if you disable sessions in ApplicationController with session :off you can’t enable them later on.
But luckily there is a cure for that. Instead of session :off add this line session :disabled => true to ApplicationController.
class ApplicationController true end
Now, you can re-enable session support in an inheriting controller with session :disabled => false.
class MyController false end
- How to Change Session Options in RoR
- How to Per Action Session Options in RoR
- QuarkRuby: Sessions and cookies in Ruby on Rails