session.keys.each do |k|
session.delete(k) if session[k].nil?
end
However you must be aware that sometimes in you application there
might be a difference between nil value and unset key (usually it is a
very rare case).
Thanks for all the trouble you are taking, Robert. I added the line:
logger.info session.keys.inspect
upon which it gave me an error:
undefined method 'keys' for #<CGI::Session:...
and when I look at ri CGI::Session, it tells me, "data can be set and
retrieved by indexing the Session instance using '', much the same
as hashes (although other hash methods are not supported)."
I am running rails 2.1.0, whereas the documentation you pointed me to,
relates to 3.0.3 -- sorry I did not mention that sooner.
Maybe there is no need to delete the keys on the session if those have
nil as value. Probably rails doesn't pass them into the cookie anyway.
But I would do an experiment to make sure.
Session Hash storage is usually a database/files/memcached, not
cookies. The reason for that is that you cannot trust cookies. Unless
you put something into the cookie, Rails app will only store a
sessions_id that is used by Rails framework to find session hash. In
another words. Always use session to store important data. Use cookies
to store unimportant things if you want them to last longer then the
session.
Maybe there is no need to delete the keys on the session if those have
nil as value. Probably rails doesn't pass them into the cookie anyway.
But I would do an experiment to make sure.
Session Hash storage is usually a database/files/memcached, not
cookies.
I thought that the default was to use cookies for session store. In
which case storage will definitely usually be cookies as most users
will just use the default.
Colin, you are absolutely right. The default session store is
CookieStore. There are also other options like DRbStore, MemCacheStore
and ActiveRecordStore.
I'm not sure about "Files". Files were used in Rails 1 but since Rails
2, the default storage of session data was moved to cookies. And that
is very good, since dealing with files to store the session data is a
complete headache.