8

I'm new to Ruby on Rails but it seems it creates a new session every time a new user visits the website. The problem is, creating a session involves placing a cookie on the user's browser and the problem with that is that cookies are illegal in Europe!!!

An exceptionally technologically-ignorant directive holds the user must give his prior consent for any cookie being placed on their computer, and, if Ruby on Rails sets a cookie immediately, I've got no chance for getting the consent. Immediately on the first visit to my application, the cookie probably does not serve any purpose from the website's functionality point of view, so the excuse of "implied consent" would also be invalid in court.

So, is it possible to configure a RoR application so that it does not create sessions automatically?

durron597
  • 31,968
  • 17
  • 99
  • 158
lampak
  • 890
  • 1
  • 9
  • 21

2 Answers2

2

There is a library that handles most of this for you: rack-policy

It will kill any cookies you/rails attempt to set unless a cookie called rack.policy exists. It also provides view helpers to tell you whether cookies are currently enabled, so that you can hide/shoe banners or functionality as appropriate.

You might want to note that a lot of websites (eg the bbc) have taken the approach of using cookies as normal but displaying a warning with word to the effect of "by continuing to use this website you are agreeing to our use of cookies" (with links to more info and an option not to show the warning anymore).

Frederick Cheung
  • 83,189
  • 8
  • 152
  • 174
1

Check this answer here about using Rack Middleware to delete the sessions and/or all cookies as they are on their way out the door: Rails 3 disabling session cookies

Community
  • 1
  • 1
Jesse Wolgamott
  • 40,197
  • 4
  • 83
  • 109