Uninitialized constant ActionDispatch::Session::EncryptedCookieStore

Chris Oliver

May 3, 2013

Playing with a new Rails 4.0 application the other day was great fun. Today I upgraded to the latest release, Rails 4.0.0.rc1 and got the following error:

NameError: uninitialized constant ActionDispatch::Session::EncryptedCookieStore
~/.rvm/gems/ruby-1.9.3-p194/gems/railties-4.0.0.rc1/lib/rails/application/configuration.rb:144:in `const_get'
~/.rvm/gems/ruby-1.9.3-p194/gems/railties-4.0.0.rc1/lib/rails/application/configuration.rb:144:in `session_store'
~/.rvm/gems/ruby-1.9.3-p194/gems/railties-4.0.0.rc1/lib/rails/application.rb:345:in `block in default_middleware_stack'
~/.rvm/gems/ruby-1.9.3-p194/gems/railties-4.0.0.rc1/lib/rails/application.rb:307:in `tap'
~/.rvm/gems/ruby-1.9.3-p194/gems/railties-4.0.0.rc1/lib/rails/application.rb:307:in `default_middleware_stack'

As it turns out, the Rails 4 has changed the name of the session store to CookieStore which will automatically handle the encryption. The commit message for this change provides some insight as to how it's changed:

Automatically configure cookie-based sessions to be encrypted if
`secret_key_base` is set, falling back to signed if only `secret_token`
is set. Automatically upgrade existing signed cookie-based sessions from
Rails 3.x to be encrypted if both `secret_key_base` and `secret_token`
are set, or signed with the new key generator if only `secret_token` is
set. This leaves only the `config.session_store :cookie_store` option and
removes the two new options introduced in 4.0.0.beta1:
`encrypted_cookie_store` and `upgrade_signature_to_encryption_cookie_store`.

Fixing Uninitialized constant ActionDispatch::Session::EncryptedCookieStore

Open up your config/initializers/session_store.rb file and change :encrypted_session_store to :session_store like so:

#MyApp::Application.config.session_store :encrypted_cookie_store, key: '_myapp_session'
# to
MyApp::Application.config.session_store :cookie_store, key: '_myapp_session'

Restart your application and you should be back in business.

P.S. You might enjoy following me on Twitter.