Use the database for sessions instead of the cookie-based default, which shouldn't be used to store highly confidential information.
Create the session table with:
rake db:sessions:create
Run the migration:
rake db:migrate
Make sure you also tell Rails to use ActiveRecord to manage your sessions.
Rails 2
config/environment.rb:
config.action_controller.session_store = :active_record_store
Rails 3
config/initializers/session_store.rb:
Rails.application.config.session_store :active_record_store
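
Why the cookie-based default is a poor place for confidential data, as an added example that is not code from the original page: it rebuilds the signed-but-unencrypted cookie layout of the Rails 2/3 cookie store and reads it back without the secret, next to a database-backed session where the cookie holds only an id. The secret, the session contents and the in-memory `table` standing in for the sessions table are constructed for illustration.

```ruby
require 'base64'
require 'openssl'
require 'securerandom'

# Constructed values for illustration only.
SECRET  = 'constructed-server-side-secret-not-a-real-key'
SESSION = { 'user_id' => 42, 'account_note' => 'confidential value' }

def sign(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Cookie store layout: Base64(Marshal.dump(session)) + "--" + HMAC-SHA1 hex digest.
def cookie_store_value(session, secret)
  data = Base64.strict_encode64(Marshal.dump(session))
  "#{data}--#{sign(data, secret)}"
end

# Anyone holding the cookie can read it: no secret is involved.
# Marshal.load is acceptable here only because the input was built locally.
def read_without_secret(cookie)
  data, _digest = cookie.split('--', 2)
  Marshal.load(Base64.decode64(data))
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The server-side check: the HMAC detects modification, it does not hide data.
def signature_valid?(cookie, secret)
  data, digest = cookie.split('--', 2)
  return false if data.nil? || digest.nil?
  secure_compare(digest, sign(data, secret))
end

# With :active_record_store the cookie carries only a random id and the
# session data stays in the database (a Hash stands in for the table here).
def db_backed_cookie(session, table)
  sid = SecureRandom.hex(16)
  table[sid] = session
  sid
end

cookie = cookie_store_value(SESSION, SECRET)
puts "cookie store, readable by the client: #{read_without_secret(cookie).inspect}"
puts "database store, cookie value only:    #{db_backed_cookie(SESSION, {})}"
```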