Rails action response should behave like a simple file response - no session or cookies

I have a rails controller I dont ever want to set a cookie. I production, all it's actions are basically page cached and served as static files. But in development it's responses are generated on each request so that we can change things on the fly and test it out.

The problem is that when we have parallel requests that change cookie data this falls apart. In the client coe that uses this API we are having a problem with session cookies if the requests are made in parallel. It's a race condition where the request that completes last sets it's cookie, overwriting whatever was there before.

1. req A starts for session creation
2. req B starts for static file
3. req A completes for session creates sets updated and authenticated session cookie
4. req B completes开发者_Go百科 for static file, and in dev mode sets the cookie it started with overwriting the new session state from req A.

So I need to turn off sessions completely from the controller that serves req B.

I've tried session :off in the controller, but that seems to have been deprecated in rails 2.3 (what we are currently using). When I do a curl -I http://localhost:3000/my/path it still shows the Set-Cookie header in the response. The docs simply say that if you dont use the session, it wont load it. But it's still setting that cookie.

Long story short: I need a way to force my controller to NOT send a Set-Cookie header in it's response, ever, so that the controller's response in development mode better matches production behavior.

Thanks to tadman I discovered that my before filters were indeed messing with the session and mucking things up. So I added this line to my controller and allis well!

skip_filter filter_chain