The client canceled the upgrade, so we never completed this functionality. Looking over the old commits, I found the following note regarding that. Maybe it will point you towards a solution.
class ActionDispatch::Request
# TODO Broken in Rails 3.2. No way to regenerate a new session ID
# Fix this once we get to Rails 4 which has a session#destroy method
# TODO We used to override a Warden method - better to do that again? Are
# there times when we really do want to clear the whole thing? (We do, but
# usually manually, after a customer checks out.)
def reset_session_with_shopping_cart_persistence
Rails.logger.warn("Trying to persist shopping cart across logout, but it's not working in this version of Rails")
old_session_id = session_options[:id]
reset_session_without_shopping_cart_persistence
new_session_id = session_options[:id]
if new_session_id != old_session_id
OrderedProduct.update_all(
["session_id = ?", new_session_id],
["session_id = ?", old_session_id]
)
end
end
alias_method_chain :reset_session, :shopping_cart_persistence
end