First check what type of session store your application is setup for
This config usually lives here: config/initializers/session_store.rb
ApplicationName::Application.config.session_store :cookie_store, key: '_application_name_session'
The only control you over other peoples cookies is to invalidate them by changing the applications secret, located in config/initializers/secret_token.rb
run rake secret
to generate a new token, commit the change and deploy.
Make sure that your webserver/s are restarted after deploy.
rake tmp:sessions:clear
rake db:sessions:clear