When Ruby on Rails server change to using a DB session store, then users need to "clear the cookies?"

Maybe I can summarize the question: If a Rails app goes into Maintenance for 30 minutes and the Rails Session Store is changed from using cookies to using DB, then any user who has the browser open won't be able to use the Rails apps for any session store capability unless the user clears all the cookies or restart the browser. Is there a way to fix this behavior (because users who didn't do that will get stuck and possibly frustrated).

Details:

To understand Rails' session store better, I created a new project that at first uses cookie as the session store (using Rails 2.3.8 with Ruby 1.8.7)...

and values can be stored in the session. and then without closing the browser, I stopped the Rails server, removed the # in front of

#ActionController::Base.session_store = :active_record_store

and did a rake db:sessions:create and then a rake db:migrate (to create a sessions table in the DB).

But now, my browser was never closed, and 开发者_C百科when I print out the session variables, it won't work, and when I set some values into the session, using FoosController#show, and print out the session values in FoosController#index (in the view). Although the values can be set in show, they don't show up in index. I have to clear out the cookies in my browser (or exit my browser and start it up again, so that the values can be set in show and then index will show it correctly now.

I guess for a thing like changing the session store from cookie to DB, the server will be shut down, meaning the site will be down for a few minutes to a couple of hours... but the users may not close the browser during this time... and

1) any session values that was set previously won't show (probably acceptable)

2) any new session values set by the server now also will not go into the user's session store.

I think (1) above is ok, but (2) can drive the user crazy... keeping on trying for 30 minutes, and wait an hour, or two hours later, still won't work (for example, cannot log in and read a second page as a logged in user, because session[:user_id] cannot be set successfully. The user will probably call tech support and the tech support may or may not suggest "clearing the cookie"... but is a pretty crude way to fix something. (or restart the browser will work too... but the user may have so many tabs open that he actually need to go through all the tabs and bookmark anything and then close and restart the browser.)

So it this true for a Rails server? Or somebody know the newer versions of Rails already fixed that issue?

Try changing the secret_token (located in config/initializers/secret_token.rb in rails 3) when you switch from the cookie store to the db store. This will in effect invalidate all outstanding cookie sessions causing the users to be prompted to login again (assuming your app has such a mechanism).

Hope that helps.