After upgrading rails, I was a little dismayed that the normal steps for configuring your app to use database sesssions throw exceptions.  After a bit of searching, I finally found the fix … and it’s a pretty simple one at that.  Basically, to use database sessions with 2.0.2, there are four things you need to do:

1. Generate the sessions migration.

   rake db:sessions:create

2. Migrate the database.

   rake db:migrate

3. Configure environment.rb.

   # Use the database for sessions instead of the cookie-based default,
   # which shouldn't be used to store highly confidential information
   # (create the session table with 'rake db:sessions:create')
   config.action_controller.session_store = :active_record_store

4. Configure application.rb.

   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
   protect_from_forgery :secret => '83c8a9e668d98a650e444d7f72d44dff'