Question RE: ActionController::Base.session and ActionController::Base.session_store

I had been using the cookie-based session until recently, then
switched to using active_record_store (db) as it said:

# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information

in the session_store.rb file.

Everything works fine, but I don't really understand why it's still
setting a cookie instead of just using the session db. Is that a
normal behavior when using a database for session management?

I see the difference now - with the session_store db instead of the
cookie, the cookie is a mere reference to the record in the db. So
that makes it more secure than the cookie-based.
But I still have a question about the life of the session record in
the session db. It doesn't seem to get deleted when the session
ends. Is there a method to do that with this class? Thanks!

you are suppose to deleted manually, you can create a rake task and set up a crontab.

thanks, radhames brito.
I was hoping it was done automagically somehow.. , but found a good
reference.. :slight_smile: