Class: ActionDispatch::Cookies

Inherits:
Object
  • Object
show all
Defined in:
actionpack/lib/action_dispatch/middleware/cookies.rb

Overview

Cookies are read and written through ActionController#cookies.

The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.

Examples of writing:

# Sets a simple session cookie.
# This cookie will be deleted when the user's browser is closed.
cookies[:user_name] = "david"

# Assign an array of values to a cookie.
cookies[:lat_lon] = [47.68, -122.37]

# Sets a cookie that expires in 1 hour.
cookies[:login] = { value: "XJ-122", expires: 1.hour.from_now }

# Sets a signed cookie, which prevents users from tampering with its value.
# The cookie is signed by your app's <tt>config.secret_key_base</tt> value.
# It can be read using the signed method <tt>cookies.signed[:name]</tt>
cookies.signed[:user_id] = current_user.id

# Sets a "permanent" cookie (which expires in 20 years from now).
cookies.permanent[:login] = "XJ-122"

# You can also chain these methods:
cookies.permanent.signed[:login] = "XJ-122"

Examples of reading:

cookies[:user_name]    # => "david"
cookies.size           # => 2
cookies[:lat_lon]      # => [47.68, -122.37]
cookies.signed[:login] # => "XJ-122"

Example for deleting:

cookies.delete :user_name

Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:

cookies[:name] = {
  value: 'a yummy cookie',
  expires: 1.year.from_now,
  domain: 'domain.com'
}

cookies.delete(:name, domain: 'domain.com')

The option symbols for setting cookies are:

  • :value - The cookie’s value or list of values (as an array).

  • :path - The path for which this cookie applies. Defaults to the root of the application.

  • :domain - The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set :domain to :all. Make sure to specify the :domain option with :all again when deleting cookies.

    domain: nil  # Does not sets cookie domain. (default)
    domain: :all # Allow the cookie for the top most level
                      domain and subdomains.
    
  • :expires - The time at which this cookie expires, as a Time object.

  • :secure - Whether this cookie is only transmitted to HTTPS servers. Default is false.

  • :httponly - Whether this cookie is accessible via scripting or only HTTP. Defaults to false.

Defined Under Namespace

Modules: ChainedCookieJars, VerifyAndUpgradeLegacySignedMessage Classes: CookieJar, EncryptedCookieJar, PermanentCookieJar, SignedCookieJar, UpgradeLegacyEncryptedCookieJar, UpgradeLegacySignedCookieJar

Constant Summary collapse

HTTP_HEADER =
"Set-Cookie".freeze
GENERATOR_KEY =
"action_dispatch.key_generator".freeze
"action_dispatch.signed_cookie_salt".freeze
"action_dispatch.encrypted_cookie_salt".freeze
"action_dispatch.encrypted_signed_cookie_salt".freeze
SECRET_TOKEN =
"action_dispatch.secret_token".freeze
SECRET_KEY_BASE =
"action_dispatch.secret_key_base".freeze
4096
CookieOverflow =

Raised when storing more than 4K of session data.

Class.new StandardError

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Cookies

Returns a new instance of Cookies.



481
482
483
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 481

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



485
486
487
488
489
490
491
492
493
494
495
496
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 485

def call(env)
  status, headers, body = @app.call(env)

  if cookie_jar = env['action_dispatch.cookies']
    cookie_jar.write(headers)
    if headers[HTTP_HEADER].respond_to?(:join)
      headers[HTTP_HEADER] = headers[HTTP_HEADER].join("\n")
    end
  end

  [status, headers, body]
end