How would I clear all rails sessions?

Here is my code:

if session[:firsttimestart].nil? 
else
  @firsttime = false
end

if @firsttime == true
  ini开发者_JAVA百科tglobals()
end
session[:firsttimestart]=false

The problem is when I turn off the server and come back to the application, the session[:firsttimestart] is still false. It somehow stores this variable in my system without an expiration date so the iniglobals() is not called. I tried to use rake tmp:clear and it didn't work. How can I clear all the sessions that am using in my system each time I restart my server?

Whether it's DB or cookie store, use rake tmp:sessions:clear

If you are storing your sessions in a db then

rake db:sessions:clear

In Rails 4, the accepted answer (rake db:sessions:clear) no longer works because ActiveRecord::SessionStore was extracted into the active_record-session_store gem. (See here for further explanation)

You can now either install the active_record-session_store gem and use rake db:sessions:clear as in Rails 3, or create a custom Rake task that looks like so:

namespace :db do
    namespace :sessions do
        desc "Clear ActiveRecord sessions"
        task :clear => :environment do
            sql = 'TRUNCATE sessions;'
            ActiveRecord::Base.connection.execute(sql)
        end
    end
end

Firstly, nil is not == false, however, nil evaluates to false. Try it yourself if you do not believe:

irb(main):001:0> nil == false
=> false
irb(main):002:0> nil == nil
=> true

Which ofcourse means:

irb(main):003:0> false.nil?
=> false

You can clean up your code in the following manner as it seems like @firsttime is never set to true anywhere.

unless session[:visited]
  session[:visited] = true
  initglobals
end

Finally, rake tmp:sessions:clear will only work if you are using ActiveRecordStore, if you are using CookieStore (which is the default). Then you will need to clean your cookies, or use reset_session.

In Rails 5 if using ActiveRecord:

ActiveRecord::SessionStore::Session.delete_all

or for more granular:

# For example schedule this once a day`
ActiveRecord::SessionStore::Session.where(["updated_at < ?", 2.weeks.ago]).delete_all

I'm using Rails 4 and the following solution worked for me as I do not want to manual run rake db:session:clear every time I start my application.

Inside /config/initializer/session_store.rb add the following

ActiveRecord::SessionStore::Session.delete_all

This is just the same as the rake command but done at the initializer level.

Best is to change the secret key on the deployment, all cookies will be invalidated

technically, you should be providing one already via an environment variable.

http://guides.rubyonrails.org/security.html#custom-secrets

for the rake task, it looks like the new one is

rails tmp:clear  

At least for sessions stored in cookies, you could just change your session store key:

initializers/session_store.rb:

Rails.application.config.session_store :cookie_store, key: '_my_new_session_key'

According to the Rails API: ...changing your secret_key_base will invalidate all existing sessions

https://api.rubyonrails.org/v5.2.1/classes/ActionDispatch/Session/CookieStore.html

To present an alternative solution: you could change the secret_key_base - if the authentication is done in another application.

rake db:schema:cache:clear

this clears cache and all sessions when using rails API, and for other databse tasks use:

rake --tasks