Session_options[:secure] resets session_id on every request

I’m working on an ecommerce site (in Rails 2.3) and I added:

ActionController::Base.session_options[:secure] = true

to ~/config/environments/production.rb

Now, every time I add something to my shopping cart and navigate away I
get a new session_id (which essentially empties my shopping cart).

How can I get the continuity of my sessions back, while still having the
session_id get set over a secure connection?

I’ve attached my ~/config/environment.rb and here is my

Settings specified here will take precedence over those in


The production environment is meant for finished, “live” apps.

Code is not reloaded between requests

config.cache_classes = true

Use a different logger for distributed setups

config.logger =

Full error reports are disabled and caching is turned on

config.action_controller.consider_all_requests_local = false
config.action_controller.perform_caching = true

Enable serving of images, stylesheets, and javascripts from an asset


config.action_controller.asset_host =

Disable delivery errors if you bad email addresses should just be


config.action_mailer.raise_delivery_errors = false

config.action_mailer.smtp_settings = {
:address => “”,
:port => 25,
:domain => “

Turn these on and comment out the above config options for development


config.cache_classes = false

config.action_controller.perform_caching = false

config.action_view.cache_template_extensions = false

config.log_level = :debug

encypt session_id cookies

I’m only doing this in production mode because I don’t run SSL on my

dev machine.

If this were system wide, I could never set the session_id cookie with

my development machine
ActionController::Base.session_options[:secure] = true

Hi I’m having the same issue but this is causing an
InvalidAuthenticityToken exception to be thrown. Were you able to fix
this issue?

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs