Upon switching to Rack 1.4.0 I get the following error when the session secret doesn't match a user's already generated cookie.

TypeError at /
can't convert nil into String
file: cookie.rb location: hexdigest line: 152

The error is caused when the browser's cookie was generated with a different session secret. The error appears to have been introduced in this commit.

This problem will be run into anyone who is using Sintra's enable :sessions feature, which generates a new session secret every time the app runs. Reverting to Rack 1.3.6 fixes this issue. Another fix is to set the session secret and never use enable :sessions in Sinatra.