Cookie based session management problems

<% %> is used for erb. However, since config files use ruby, you'll
have to use #{} for variables.

The reason Ryan's sample has that is because he's taking code from the
rails app generator. Once generated with a command like 'rails foo',
your app will have this:

config.action_controller.session = {
  :session_key => 'foo_session',
  :secret => 'someuniquehash'
}

Heh. I put this in my new project too. I thought it looked strange having erb in the environment.rb file but when I used “#{}” [note the double quotes] I ran into a heap of trouble. So, if I now understand correctly, we should just having something like

config.action_controller.session = {
:session_key => ‘_#{app_name}_session’,
:secret => ‘CGI::Session.generate_unique_id(#{app_name})’
}

with single quotes? I’m presuming this will get evaluated somewhere else? I’m a bit fuzzy on this and would totally appreciate any clarification.

RSL

Heh. I put this in my new project too. I thought it looked strange having
erb in the environment.rb file but when I used "#{}" [note the double
quotes] I ran into a heap of trouble. So, if I now understand correctly, we
should just having something like

  config.action_controller.session = {
    :session_key => '_#{app_name}_session',
    :secret => 'CGI::Session.generate_unique_id(#{app_name})'
  }

with single quotes? I'm presuming this will get evaluated somewhere else?
I'm a bit fuzzy on this and would totally appreciate any clarification.

RSL

Only if you have an app name variable in scope. Again, that is for
the *generator* only. For your rails app you can do something like
this:

config.action_controller.session = {
  :session_key => '_foo_session',
  :secret => 'whatever'
}

If you're cryptographically challenged, you can use script/console to
generate something for you:

CGI::Session.generate_unique_id('something')

Naturally, any string will do.