session :no_cookies => true, :except => [ :login ]

when session :off is just too much

Set-Cookie: _session_id

Do all those new web2.0ish sites need to throw cookies at the casual viewer just on the first page? I hope not.

Most sites do it anyway. If my first impression is a cookie warning, frankly I'd hit the block cookies button without further thought.

It's about signup, login, personalize and contribute, I get that. I just havn't decided if I want a session with that site right away.

The disappointment then gets worse when I try to actually signup. I need to locate the site in firefox cramped blocked cookies dialog. Just not worth the effort, web2.0ing stops right there, 9 out of 10 times.

session :no_cookies

Isn't there a short and sweet way to stop rails from throwing cookies like there is nothing to them? Ok, that's not a question. Rails always delivers!

A picture says a thousand words. And maybe all you need to see is this one line:

session :no_cookies => true, :except => [ :login ]

You really need to look close as ActionPack won't give any hints: http://dev.rubyonrails.org/browser/trunk/actionpack/lib/action_controlle... .

But just examine the source code for CGI::Session#new http://www.ruby-doc.org/stdlib/libdoc/cgi/rdoc/classes/CGI/Session.html .

    CGI::Session#new:
    ...
    @output_cookies = [ ... ] unless option['no_cookies']

:except => [ :login ]

All right, just stop the cookies there. Unless a new session is what you really want.

In your controller write

    class MyController < ApplicationController
      session :no_cookies => true, :except => [ :login ]
      ...

To clear things up: The session is not disabled, it's available to the app all right. But rails won't try to create a new session for just any random page view.

So, rails developers, please only create sessions for selected pages, like e.g. signup, login and maybe even options like sorting. But just skip it for a random static page.