# Return the controller session secret for the current runtime environment.
# Development and test environment secrets may optionally be hardcoded below.
# For all other environments the secret must reside in the file config/session_secret.txt,
# and that file should not be checked into the repository.
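class SetupExtensions
  # Returns the secret used to sign controller sessions.
  #
  # The secret is read from config/session_secret.txt under RAILS_ROOT and is
  # returned exactly as stored (nothing is stripped), so an existing file keeps
  # yielding the same value.
  #
  # When the file is missing, the development and test environments fall back
  # to the hardcoded string below; every other environment re-raises
  # Errno::ENOENT so the application fails closed instead of running with a
  # well-known secret.
  #
  # Raises RuntimeError when the file exists but contains only whitespace
  # (for example after a truncated write or a botched deploy). A blank key
  # gives the session cookie no integrity protection, so startup is refused.
  def self.controller_session_secret
    secret_path = File.join(RAILS_ROOT, "config", "session_secret.txt")

    begin
      secret = File.read(secret_path)
    rescue Errno::ENOENT
      # Only local environments may run without the secret file.
      raise unless ['development', 'test'].include?(RAILS_ENV)

      # Placeholder for local use only; it must never be relied on outside
      # development/test because it lives in the repository.
      return 'your_hardcoded_secret_string'
    end

    if secret.strip.empty?
      raise "#{secret_path} is empty; refusing to configure sessions with a blank secret"
    end

    secret
  end
end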
# Application boot configuration: wires the session settings into the
# Rails initializer.
Rails::Initializer.run do |config|
# The line below is an elision marker standing in for the rest of the
# application's configuration, which this listing does not show.
...
# Session settings for the controllers. The secret is resolved here by calling
# SetupExtensions.controller_session_secret; any exception that helper raises
# (e.g. a missing config/session_secret.txt outside development/test)
# propagates out of this block rather than leaving the secret unset.
config.action_controller.session = {
# Placeholder session key name; replace it with an application-specific name.
:session_key => '_your_session_id_',
# Never inline the production secret here: it comes from the helper, which
# reads it from a file that is kept out of the repository.
:secret => SetupExtensions.controller_session_secret
}
end