If you are storing your sessions in a db then

如果您将会话存储在数据库中，那么

rake db:sessions:clear

Whether it's DB or cookie store, use rake tmp:sessions:clear

无论是 DB 还是 cookie 存储，使用 rake tmp:sessions:clear

In Rails 4, the accepted answer (rake db:sessions:clear) no longer works because ActiveRecord::SessionStore was extracted into the active_record-session_storegem. (See herefor further explanation)

在 Rails 4 中，接受的答案 ( rake db:sessions:clear) 不再有效，因为 ActiveRecord::SessionStore 被提取到active_record-session_storegem 中。（见这里进一步解释）

You can now either install the active_record-session_storegem and use rake db:sessions:clearas in Rails 3, or create a custom Rake task that looks like so:

您现在可以安装active_record-session_storegem 并rake db:sessions:clear在 Rails 3 中使用，或者创建一个自定义的 Rake 任务，如下所示：

namespace :db do
    namespace :sessions do
        desc "Clear ActiveRecord sessions"
        task :clear => :environment do
            sql = 'TRUNCATE sessions;'
            ActiveRecord::Base.connection.execute(sql)
        end
    end
end

Firstly, nil is not == false, however, nil evaluates to false. Try it yourself if you do not believe:

首先，nil 不是 == false，但是，nil 的计算结果为 false。如果您不相信，请自行尝试：

irb(main):001:0> nil == false
=> false
irb(main):002:0> nil == nil
=> true

Which ofcourse means:

这当然意味着：

irb(main):003:0> false.nil?
=> false

You can clean up your code in the following manner as it seems like @firsttime is never set to true anywhere.

您可以通过以下方式清理您的代码，因为似乎 @firsttime 从未在任何地方设置为 true。

unless session[:visited]
  session[:visited] = true
  initglobals
end

Finally, rake tmp:sessions:clear will only work if you are using ActiveRecordStore, if you are using CookieStore (which is the default). Then you will need to clean your cookies, or use reset_session.

最后， rake tmp:sessions:clear 仅在您使用 ActiveRecordStore 时有效，如果您使用 CookieStore（这是默认设置）。然后你需要清理你的cookies，或者使用reset_session。

I'm using Rails 4 and the following solution worked for me as I do not want to manual run rake db:session:clearevery time I start my application.

我正在使用 Rails 4，以下解决方案对我有用，因为我不想rake db:session:clear每次启动应用程序时都手动运行。

Inside /config/initializer/session_store.rb add the following

在 /config/initializer/session_store.rb 中添加以下内容

ActiveRecord::SessionStore::Session.delete_all

This is just the same as the rake command but done at the initializer level.

这与 rake 命令相同，但在初始化程序级别完成。

Best is to change the secret key on the deployment, all cookies will be invalidated

最好是在部署时更改密钥，所有 cookie 都会失效

technically, you should be providing one already via an environment variable.

从技术上讲，您应该已经通过环境变量提供了一个。

http://guides.rubyonrails.org/security.html#custom-secrets

http://guides.rubyonrails.org/security.html#custom-secrets

for the rake task, it looks like the new one is

对于 rake 任务，看起来新的任务是

rails tmp:clear  

In Rails 5 if using ActiveRecord:

在 Rails 5 中，如果使用 ActiveRecord：

ActiveRecord::SessionStore::Session.delete_all

ActiveRecord::SessionStore::Session.delete_all

or for more granular:

或者更细粒度的：

# For example schedule this once a day`
ActiveRecord::SessionStore::Session.where(["updated_at < ?", 2.weeks.ago]).delete_all

At least for sessions stored in cookies, you could just change your session store key:

至少对于存储在 cookie 中的会话，您可以更改会话存储密钥：

initializers/session_store.rb:

初始值设定项/session_store.rb：

Rails.application.config.session_store :cookie_store, key: '_my_new_session_key'

According to the Rails API: ...changing your secret_key_base will invalidate all existing sessions

根据 Rails API：...更改您的 secret_key_base 将使所有现有会话无效

https://api.rubyonrails.org/v5.2.1/classes/ActionDispatch/Session/CookieStore.html

https://api.rubyonrails.org/v5.2.1/classes/ActionDispatch/Session/CookieStore.html

rake db:schema:cache:clear

this clears cache and all sessions when using rails API, and for other databse tasks use:

这会在使用 rails API 时清除缓存和所有会话，对于其他数据库任务，请使用：

rake --tasks

To present an alternative solution: you could change the secret_key_base- if the authentication is done in another application.

提出一个替代解决方案：您可以更改secret_key_base- 如果身份验证是在另一个应用程序中完成的。