Specify how sessions ought to be managed for a subset of the actions on the
controller. Like filters, you can specify :only and :except clauses to
restrict the subset; otherwise options apply to all actions on this
controller.

The session options are inheritable as well, so if you specify them in a
parent controller, they apply to controllers that extend the parent.

Usage:

  # turn off session management for all actions.
  session :off

  # turn off session management for all actions _except_ foo and bar.
  session :off, :except => %w(foo bar)

  # turn off session management for only the foo and bar actions.
  session :off, :only => %w(foo bar)

  # the session will only work over HTTPS, but only for the foo action
  session :only => :foo, :session_secure => true

  # the session by default uses HttpOnly sessions for security reasons.
  # this can be switched off.
  session :only => :foo, :session_http_only => false

  # the session will only be disabled for 'foo', and only if it is
  # requested as a web service
  session :off, :only => :foo,
          :if => Proc.new { |req| req.parameters[:ws] }

  # the session will be disabled for non html/ajax requests
  session :off,
          :if => Proc.new { |req| !(req.format.html? || req.format.js?) }

  # turn the session back on, useful when it was turned off in the
  # application controller, and you need it on in another controller
  session :on

All session options described for ActionController::Base.process_cgi are
valid arguments.
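
The restriction and inheritance rules described above, as an added example that is not part of the original documentation and is not Rails code: a stand-alone Ruby model of how :only, :except, :if and inheritance combine, used to audit which actions end up without the HTTPS-only or HttpOnly session settings. ModelController, ApplicationModel, AccountModel, Request and audit are hypothetical names, and letting later declarations override earlier ones is an assumption.

```ruby
# Simplified model of the documented behaviour; not Rails code.
Request = Struct.new(:parameters)          # constructed stand-in for a request

class ModelController
  def self.session_rules; @session_rules ||= []; end

  def self.inherited(sub)    # subclasses start from a copy of the parent's rules
    super
    sub.instance_variable_set(:@session_rules, session_rules.dup)
  end

  def self.session(*args)    # accepts the call shapes shown in the usage section
    opts = args.last.is_a?(Hash) ? args.pop.dup : {}
    opts[:disabled] = false if args.delete(:on)
    opts[:disabled] = true unless args.empty?            # :off
    [:only, :except].each { |k| opts[k] = Array(opts[k]).map(&:to_s) if opts[k] }
    session_rules << opts
  end

  # Returns false when the session is off, else the merged options.
  def self.session_options_for(request, action)
    effective = {}
    session_rules.each do |rule|
      next if rule[:if] && !rule[:if].call(request)
      next if rule[:only] && !rule[:only].include?(action.to_s)
      next if rule[:except] && rule[:except].include?(action.to_s)
      effective.merge!(rule)               # assumption: later declarations win
    end
    [:only, :except, :if].each { |k| effective.delete(k) }
    effective[:disabled] ? false : effective
  end
end

class ApplicationModel < ModelController   # constructed sample controllers
  session :off, :if => Proc.new { |req| req.parameters[:ws] }
end
class AccountModel < ApplicationModel
  session :only => :login, :session_secure => true
  session :only => :preview, :session_http_only => false
end

# Lists, per action, the session-cookie protections that are not in effect.
def audit(controller, actions, request)
  actions.to_h do |action|
    opts = controller.session_options_for(request, action)
    flags = []
    flags << :not_https_only unless opts && opts[:session_secure]
    flags << :script_readable if opts && opts[:session_http_only] == false
    [action, opts ? flags : :no_session]
  end
end
```

Calling audit(AccountModel, %w(login preview index), Request.new({})) shows that only login carries the HTTPS-only setting and that preview has lost the HttpOnly default.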