[ACCEPTED]-Command to clear the cookie-based session store in Rails-cookies
If you use Cookie based sessions
You can change the secret_token of your rails app. This will invalidate all existing sessions.
Then copy the value in to
That's it. Remember to restart your app after this ;)
If you use database based sessions
If you use file based sessions
Change the name of the session cookie. It won't delete the old cookies, but it'll force everyone to get a new session cookie.
The problem is that cookies are client side. Running a rake task on your server won't delete cookies on all the machines that have visited the web page, obviously.
Perhaps you can use session.clear in your controllers somehow? You're right about changing the cookie key, though. Doing so would invalidate any session belonging to the old key. You would have to rescue from ActionController::StaleSession (or something like that), but it'd work.
It occurs to me now that what I want may not be possible depending on how the cookie-based store is implemented. If the cookies contain all the information the server needs (including a signature for data integrity) then the server does not need to store any information on its side therefore there is no way to invalidate existing cookies. I had assumed the cookie contained some key that corresponded to data on the server-side in order to verify that the cookie is valid, but now I realize this may not be the case.
If this is true, then the only way to clear cookies would be to change the server-side cookie secret used for signing and then presumably restart the server process.
If you are running this on a production server I recommend:
Which is simply generating a random secure token. The rake task is basically doing this, which you could do in a console.
Never check the production key into version control / GIT but use an environment variable instead. So in your config/secrets.yml file use something like:

    production:
      secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
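The answers above turn on one point: a cookie-based store keeps no server-side state, so the signing secret is the only lever for invalidating sessions. The following is an added example, not code from any of the answers and not Rails's own implementation; the class name SignedCookieJar, the cookie layout and the sample session are assumptions made for illustration.

```ruby
require "openssl"
require "json"
require "securerandom"

# Simplified model of a stateless signed session cookie: "<base64 payload>--<hex HMAC>".
# Hypothetical class for illustration; this is not how Rails names or lays out its cookies.
class SignedCookieJar
  def initialize(secret)
    @secret = secret
  end

  # Serialize the session and append an HMAC computed with the server-side secret.
  def issue(session)
    payload = [JSON.generate(session)].pack("m0") # strict base64, no newlines
    "#{payload}--#{digest(payload)}"
  end

  # Return the session hash when the signature verifies, nil otherwise.
  def read(cookie)
    payload, mac = cookie.to_s.split("--", 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_compare(mac, digest(payload))
    JSON.parse(payload.unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def digest(payload)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, payload)
  end

  # Constant-time comparison so the check does not reveal how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenario: issue a cookie, then rotate the secret as after a restart.
def demo
  old_jar  = SignedCookieJar.new(SecureRandom.hex(64))
  cookie   = old_jar.issue("user_id" => 42)        # constructed sample session
  new_jar  = SignedCookieJar.new(SecureRandom.hex(64))
  tampered = cookie.sub(/\A./) { |c| c == "e" ? "f" : "e" }
  { before: old_jar.read(cookie), after: new_jar.read(cookie), tampered: old_jar.read(tampered) }
end
```

The old cookie is still sitting in the browser after rotation; the server simply refuses it because the signature no longer verifies, which is why no server-side task can "clear" it.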