Are you just starting out with Rails security or with Ruby on Rails itself? Here are the Rails security links that you’ll need to get started. The official Rails security guide in particular will give you a good overview.
Why and how, for session and normal cookies
A vulnerable Rails app that follows the OWASP Top 10
Many examples of what NOT to do
RailsConf talk: Introduction to Rails security
The number 3 in the OWASP Top Ten web application vulnerabilities
Note that I’ll add more to this page; subscribe to the mailing list to hear about it first.