Disabling sessions in Rails

The simplest way to disable sessions in Rails is to use session :off (see ActionController::SessionManagement::ClassMethods).

session :off

To disable session suport only for a specific controller add session :off to that controller

class MyController < ApplicationController
  session :off
end

Written like that, sessions are disabled for all actions on this controller.

Like filters, you can specify :only and :except clauses to restrict subset. The following code will disable session for first_action and third_action, but not for second_action.

class MyController < ApplicationController
  session :off, :only %w(first_action third_action)

  def first_action
  end

  def second_action
  end

  def third_action
  end
end

Same could be achived with session :off, :except => :second_action.

The session options are inheritable, so to disable sessions for the entire application add session :off to ApplicationController.

class ApplicationController < ActionController::Base
  session :off
end

session :disabled => true

The downside of above approach is that if you disable sessions in ApplicationController with session :off you can’t enable them later on.

But luckily there is a cure for that. Instead of session :off add this line session :disabled => true to ApplicationController.

class ApplicationController
  session :disabled => true
end

Now, you can re-enable session support in an inheriting controller with session :disabled => false.

class MyController
  session :disabled => false
end