The default way that Rails (1.2.3) stores session data is in files in your application tmp directory. This mechanism is referred to as CGI::Session::PStore. This is fine for development but becomes a problem as you move to a real production environment.
One problem with it is that unless you actively clean out old files with a cron job and 'rm' you can end up with a massive number of old session files.
It is also a problem if you use Apache and Mongrel to serve your application and want to scale things up with mongrel_cluster. Various resources warn of bad things happening with multiple mongrels and session files.
The next step up from files is to use a database table and have Active Record store session data in that. This is easy to setup.
1: Create a migration to set up the table and run that
$ rake db:sessions:create
$ rake db:migrate
== AddSessions: migrating =====================================================
-- add_index(:sessions, :session_id)
-- add_index(:sessions, :updated_at)
== AddSessions: migrated (0.8001s) ============================================
2: Edit your app's config/environment.rb file and uncomment this line
config.action_controller.session_store = :active_record_store
3: Start your app server, interact with it and look in mysql
mysql> select * from sessions;
You will see a hexadecimal encoded session_id and a big block of encoded session data. Everything else should just work normally.
4: To avoid sessions accumulating in applications where you have users login and logout, you can call reset_session in the logout action - something like this:
flash[:notice] = "Logged out"
redirect_to :action => "index"
This clears out your current session row in the table and initializes a new session object. I'm not sure why it does the latter.