I’m building a session-less application and have set “session :off” in
the base controller (ApplicationController in application.rb).
Unfortunately, I still see session files appearing in /tmp/ruby_sess.*
– and the cause of these files is when a routing error occurs. Whenever
a bad URL comes in, for example
http://localhost:3000/not/a/chance/in/hell, the RoutingError exception
is raised then the session file is created.
I see this behavior in both the development (WEBrick) and production
(Apache) environments.
After reading
http://wiki.rubyonrails.org/rails/pages/HowtoChangeSessionOptions, I
tried this as a workaround in environment.rb:
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:disabled
=> true)
That didn’t help.
It appears that this problem occurs after the render_* methods, while
ActionController is building the response, so I’m not sure how to
workaround it.
FYI, I found this problem because of a bad image URL that someone had
entered into a database. I don’t want to solve this problem by doing URL
validation 
Any help or suggestions would be most appreciated.
-ch