146

I can't seem to find it anywhere... How do I delete/destroy/reset/empty/clear a user's session in Rails? Not just one value but the whole thing..

user664833
  • 18,397
  • 19
  • 91
  • 140
tybro0103
  • 48,327
  • 33
  • 144
  • 170

5 Answers5

217

To clear the whole thing use the reset_session method in a controller.

reset_session

Here's the documentation on this method: http://api.rubyonrails.org/classes/ActionController/Base.html#M000668

Resets the session by clearing out all the objects stored within and initializing a new session object.

Good luck!

Gdeglin
  • 12,432
  • 5
  • 49
  • 65
  • 1
    For database-based sessions (which you should probably use) you can expire through a query: http://guides.rubyonrails.org/security.html#session-expiry – m33lky Feb 24 '12 at 07:14
48

session in rails is a hash object. Hence any function available for clearing hash will work with sessions.

session.clear

or if specific keys have to be destroyed:

session.delete(key)

Tested in rails 3.2

added

People have mentioned by session={} is a bad idea. Regarding session.clear, Lobati comments- It looks like you're probably better off using reset_session [than session.clear], as it does some other cleaning up beyond what session.clear does. Internally, reset_session calls session.destroy, which itself calls clear as well some other stuff.

barlop
  • 12,887
  • 8
  • 80
  • 109
Lavixu
  • 1,348
  • 15
  • 20
  • Anybody have any thoughts on the merits of this method vs the one recommended by Gdeglin? – Peter Berg Jan 16 '14 at 17:00
  • 3
    This can be used when you want to retain other parameters but delete one particular key value pair. – Lavixu Jan 17 '14 at 05:59
  • I suppose I was referring to the use of either `session.clear` or `session = {}` vs the use of `reset_session`. Are they identical? – Peter Berg Jan 17 '14 at 12:22
  • 2
    This will not reset the session at all, it will assign a local variable. Never use this technique to reset the session: session = {} – alexspeller Feb 04 '14 at 13:38
  • 4
    The [Rails documentation](http://guides.rubyonrails.org/action_controller_overview.html), on section _5.1 Accessing the Session_ recommends to use reset_session if you want remove script-inserted key/value pairs (ex: Something inserted from a controller) and generate a new session. If you want reset only the key/value pairs you set, set those keys to nil. – sargas Apr 24 '14 at 22:33
  • Downvote for same reason as @alexspeller mentions. `session = {}` does nothing but set an empty local variable, which creates an insidious bug in your application and still leaves the session floating around untouched. – lobati May 11 '16 at 18:55
  • @lobati What about the other thing the answerer suggested, session.clear Is that OK? What exactly is the difference between session.clear and the other answer of reset_session? – barlop Jul 03 '18 at 09:18
  • 1
    @barlop It looks like you're probably better off using `reset_session`, as it does some other cleaning up beyond what `session.clear` does. Internally, [`reset_session` calls `session.destroy`](https://github.com/rails/rails/blob/afc2b424e27fe48f83d5d1be73a8fadc38499c0c/actionpack/lib/action_dispatch/http/request.rb#L350), which [itself calls `clear` as well some other stuff](https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/request/session.rb#L79-L87). – lobati Jul 03 '18 at 16:23
9

to delete a user's session 

session.delete(:user_id)
vjnan369
  • 833
  • 16
  • 42
5

To clear only certain parameters, you can use:

[:param1, :param2, :param3].each { |k| session.delete(k) }
vladCovaliov
  • 4,333
  • 2
  • 43
  • 58
5

add this code to your ApplicationController

def reset_session
  @_request.reset_session
end

( Dont know why no one above just mention this code as it fixed my problem ) http://apidock.com/rails/ActionController/RackDelegation/reset_session

daveomcd
  • 6,367
  • 14
  • 83
  • 137
David Mesaros
  • 71
  • 1
  • 3