ActionDispatch::Cookies (original) (raw)

Read and write data to cookies through ActionController::Cookies#cookies.

When reading cookie data, the data is read from the HTTP request header, Cookie. When writing cookie data, the data is sent out in the HTTP response header, Set-Cookie.

Examples of writing:

cookies[:user_name] = "david"

cookies[:lat_lon] = JSON.generate([47.68, -122.37])

cookies[:login] = { value: "XJ-122", expires: 1.hour }

cookies[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }

cookies.signed[:user_id] = current_user.id

cookies.signed[:user_id]

cookies.encrypted[:discount] = 45

cookies.encrypted[:discount]

cookies.permanent[:login] = "XJ-122"

cookies.signed.permanent[:login] = "XJ-122"

Examples of reading:

cookies[:user_name]
cookies.size
JSON.parse(cookies[:lat_lon]) cookies.signed[:login]
cookies.encrypted[:discount]

Example for deleting:

cookies.delete :user_name

Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:

cookies[:name] = { value: 'a yummy cookie', expires: 1.year, domain: 'domain.com' }

cookies.delete(:name, domain: 'domain.com')

The option symbols for setting cookies are:

• :value - The cookie’s value.
• :path - The path for which this cookie applies. Defaults to the root of the application.
• :domain - The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like <www.example.com> and want to share session with user.example.com set :domain to :all. To support multiple domains, provide an array, and the first domain matching request.host will be used. Make sure to specify the :domain option with :all or Array again when deleting cookies. For more flexibility you can set the domain on a per-request basis by specifying :domain with a proc.
  domain: nil # Does not set cookie domain. (default)
  domain: :all # Allow the cookie for the top most level
  # domain and subdomains.

domain: %w(.example.com .example.org) # Allow the cookie
# for concrete domain names.
domain: proc { Tenant.current.cookie_domain } # Set cookie domain dynamically
domain: proc { |req| ".sub.#{req.host}" } # Set cookie domain dynamically based on request

• :tld_length - When using :domain => :all, this option can be used to explicitly set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD. For example, to share cookies between user1.lvh.me and user2.lvh.me, set :tld_length to 2.
• :expires - The time at which this cookie expires, as a Time or ActiveSupport::Duration object.
• :secure - Whether this cookie is only transmitted to HTTPS servers. Default is false.
• :httponly - Whether this cookie is accessible via scripting or only HTTP. Defaults to false.
• :same_site - The value of the SameSite cookie attribute, which determines how this cookie should be restricted in cross-site contexts. Possible values are nil, :none, :lax, and :strict. Defaults to :lax.

Namespace

• MODULE ActionDispatch::Cookies::ChainedCookieJars

Methods

C

• call

N

• new

Constants

Class Public methods

Instance Public methods

call(env)Link

Source: show | on GitHub

def call(env) request = ActionDispatch::Request.new(env) response = @app.call(env)

if request.have_cookie_jar? cookie_jar = request.cookie_jar unless cookie_jar.committed? response = Rack::Response[*response] cookie_jar.write(response) end end

response.to_a end