Avoid logging `Session cookie encryptor error: ...` by default?

[dentarg]

Does it makes sense to be able to silence this logging or make it opt-in?

rack-session/lib/rack/session/cookie.rb

Lines 223 to 224 in d2f080c

	rescue Rack::Session::Encryptor::Error => error
	request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"

Maybe behind $VERBOSE as done here?

rack-session/lib/rack/session/abstract/id.rb

Line 397 in d2f080c

req.get_header(RACK_ERRORS).puts("Deferring cookie for #{session_id}") if $VERBOSE

Looks like it can log the following variants of Session cookie encryptor error: <message>

• wrong version
• Message is invalid
• invalid message
• HMAC is invalid

I'm not sure they're useful to always have enabled (in production) as any user can trigger at least Session cookie encryptor error: Message is invalid by sending bogus data in the Cookie header.