How to fix CookiesOverflow error

This article covers the error producing the following log message:


ActionDispatch::Cookies::CookieOverflow (ActionDispatch::Cookies::CookieOverflow):

Redmine uses CookieStore and it gets overloaded. A solution is to use the Active Record Session Store instead.

Include this gem into Redmine Gemfile:

gem 'activerecord-session_store'

Install the gem:

bundle install

Run the migration generator:

rails generate active_record:session_migration

Run the migration (it will fail if you already have a sessions table, if it matches the structure describe below you can ignore this step):

rake db:migrate

Then, change session store in config/application.rb from

config.session_store :cookie_store,
      :key => '_redmine_session',
      :path => config.relative_url_root || '/'


config.session_store :active_record_store,
      :key => '_redmine_session'

Note: To avoid your sessions table expanding without limit as it will store expired and potentially sensitive session data, it is strongly recommended in production environments to schedule the db:sessions:trim rake task to run daily. Running bin/rake db:sessions:trim will delete all sessions that have not been updated in the last 30 days. The 30 days cutoff can be changed using the SESSION_DAYS_TRIM_THRESHOLD environment variable.


The default assumes a sessions table with columns:

  • id (numeric primary key),
  • session_id (string, usually varchar; maximum length is 255), and
  • data (text, longtext, json or jsonb); careful if your session data exceeds 65KB).

The session_id column should always be indexed for speedy lookups. Session data is marshaled to the data column in Base64 format. If the data you write is larger than the column's size limit, ActionController::SessionOverflowError will be raised.

You may configure the table name, primary key, data column, and serializer type. For example, at the end of config/application.rb:

ActiveRecord::SessionStore::Session.table_name = 'legacy_session_table'
ActiveRecord::SessionStore::Session.primary_key = 'session_id'
ActiveRecord::SessionStore::Session.data_column_name = 'legacy_session_data'
ActiveRecord::SessionStore::Session.serializer = :json

Note that setting the primary key to the session_id frees you from having a separate id column if you don't want it. However, you must set = session.session_id by hand! A before filter on ApplicationController is a good place.

The serializer may be class responding to #load(value) and #dump(value), or a symbol of marshal, json, hybrid or null. marshal is the default and uses the built-in Marshal methods coupled with Base64 encoding. json does what it says on the tin, using the parse() and generate() methods of the JSON module. hybrid will read either type but write as JSON. null will not perform serialization, leaving that up to the ActiveRecord database adapter. This allows you to take advantage of the native JSON capabilities of your database.

Since the default class is a simple Active Record, you get timestamps for free if you add created_at and updated_at datetime columns to the sessions table, making periodic session expiration a snap.

Reference ➤

Was this article helpful? Yes  No
18432 from 18456 found this helpful