Module: ActionDispatch::Cookies::ChainedCookieJars
- Included in:
- CookieJar, EncryptedCookieJar, PermanentCookieJar, SignedCookieJar
- Defined in:
- actionpack/lib/action_dispatch/middleware/cookies.rb
Overview
Include in a cookie jar to allow chaining, e.g. cookies.permanent.signed
Instance Method Summary collapse
-
#encrypted ⇒ Object
Returns a jar that’ll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
-
#permanent ⇒ Object
Returns a jar that’ll automatically set the assigned cookies to have an expiration date 20 years from now.
-
#signed ⇒ Object
Returns a jar that’ll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
-
#signed_or_encrypted ⇒ Object
Returns the
signed
orencrypted
jar, preferringencrypted
ifsecret_key_base
is set.
Instance Method Details
#encrypted ⇒ Object
Returns a jar that’ll automatically encrypt cookie values before sending them to the client and will decrypt them for read. If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
If secrets.secret_key_base
and config.secret_token
(deprecated) are both set, legacy cookies signed with the old key generator will be transparently upgraded.
This jar requires that you set a suitable secret for the verification on your app’s secrets.secret_key_base
.
Example:
.encrypted[:discount] = 45
# => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
.encrypted[:discount] # => 45
155 156 157 158 159 160 161 162 |
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 155 def encrypted @encrypted ||= if @options[:upgrade_legacy_signed_cookies] UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @options) else EncryptedCookieJar.new(self, @key_generator, @options) end end |
#permanent ⇒ Object
Returns a jar that’ll automatically set the assigned cookies to have an expiration date 20 years from now. Example:
.permanent[:prefers_open_id] = true
# => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
This jar is only meant for writing. You’ll read permanent cookies through the regular accessor.
This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
.permanent.signed[:remember_me] = current_user.id
# => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
113 114 115 |
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 113 def permanent @permanent ||= PermanentCookieJar.new(self, @key_generator, @options) end |
#signed ⇒ Object
Returns a jar that’ll automatically generate a signed representation of cookie value and verify it when reading from the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed cookie was tampered with by the user (or a 3rd party), nil will be returned.
If secrets.secret_key_base
and config.secret_token
(deprecated) are both set, legacy cookies signed with the old key generator will be transparently upgraded.
This jar requires that you set a suitable secret for the verification on your app’s secrets.secret_key_base
.
Example:
.signed[:discount] = 45
# => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
.signed[:discount] # => 45
132 133 134 135 136 137 138 139 |
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 132 def signed @signed ||= if @options[:upgrade_legacy_signed_cookies] UpgradeLegacySignedCookieJar.new(self, @key_generator, @options) else SignedCookieJar.new(self, @key_generator, @options) end end |
#signed_or_encrypted ⇒ Object
Returns the signed
or encrypted
jar, preferring encrypted
if secret_key_base
is set. Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.
166 167 168 169 170 171 172 173 |
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 166 def signed_or_encrypted @signed_or_encrypted ||= if @options[:secret_key_base].present? encrypted else signed end end |