This project is archived and is in readonly mode.

#4742 ✓stale

Can't get valid session key via request.session_options[:key] when using CookieStore

Reported by brian | June 1st, 2010 @ 04:49 AM

When I try to get session key via request.session_options[:key], I always get '_session_id' even though I changed it in session_store.rb (or production.rb)

I found the source code in cookie_store.rb like this

      def initialize(app, options = {})

    # Process legacy CGI options
    options = options.symbolize_keys
    if options.has_key?(:session_path)
      options[:path] = options.delete(:session_path)
    if options.has_key?(:session_key)
      options[:key] = options.delete(:session_key)
    if options.has_key?(:session_http_only)
      options[:httponly] = options.delete(:session_http_only)

    @app = app

    # The session_key option is required.
    @key = options.delete(:key).freeze

    # The secret option is required.
    @secret = options.delete(:secret).freeze

    @digest = options.delete(:digest) || 'SHA1'
    @verifier = verifier_for(@secret, @digest)

    @default_options = DEFAULT_OPTIONS.merge(options).freeze


I think because @default_options[:key] was not changed due to @key = options.delete(:key).freeze

It doesn't occur when I use memcache as session store, so I tried to figure it why.
And I found initialize method in abstract_store.rb and also found that the method does not delete :key from options.

How can I get valid session key if this is not a bug?

Comments and changes to this ticket

  • Neeraj Singh

    Neeraj Singh June 1st, 2010 @ 10:03 AM

    @Brian: Can you show the code that you put in session_store.rb to get full picture?

  • brian

    brian June 1st, 2010 @ 10:46 AM

    my session_store.rb is like this

    ActionController::Base.session = {
      :key         => '_waffle_session',
      :secret      => 'xxxxxxxx',

    and my production.rb is like this

    #config.action_controller.session_store = :mem_cache_store
    config.action_controller.session = {
      :key         => "_waffle_session",
      :secret      => 'xxxxxxxx(same with secret in session_store.rb)',
    #  :expires     => 3600,
      :cookie_only => false,
    #  :cache       => CACHE,

    thank you

  • dr

    dr July 14th, 2010 @ 12:29 AM

    I'm having a similar issue. That is, you don't seem to be able to set the session options because session_options isn't being passed down to AbstractStore.


    Rails.application.config.session_options[:key] = 'something_other_than_session_id'

    doesn't change the cookie name

  • dr

    dr July 14th, 2010 @ 03:02 AM

    Okay, I dug a little deeper and see in Rails 3 that should be:

    Rails.application.config.session_store :active_record_store, { :key => 'something_other_than_session_id' }

    Which works for :cookie_store, but not for :active_record_store.


    def initialize(app, options = {})

    to ActiveRecord::SessionStore fixes the problem. Although I don't see why it's necessary.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:36 PM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:36 PM

    • State changed from “open” to “stale”
  • bingbing
  • ssupreme11

    ssupreme11 May 10th, 2011 @ 10:25 PM

    Its my first time to visit this site and as I was exploring I cant believe that this site was made up of a very informative articles that you should try to have compliment with so as what I am doing now I really love to look forward with more interesting information on this site.. Buy Dissertation

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>