Class: ActionDispatch::Cookies
- Inherits:
-
Object
- Object
- ActionDispatch::Cookies
- Defined in:
- lib/action_dispatch/middleware/cookies.rb
Overview
Cookies are read and written through ActionController#cookies.
The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.
Examples of writing:
# Sets a simple session cookie.
# This cookie will be deleted when the user's browser is closed.
[:user_name] = "david"
# Cookie values are String based. Other data types need to be serialized.
[:lat_lon] = JSON.generate([47.68, -122.37])
# Sets a cookie that expires in 1 hour.
[:login] = { value: "XJ-122", expires: 1.hour.from_now }
# Sets a signed cookie, which prevents users from tampering with its value.
# The cookie is signed by your app's `secrets.secret_key_base` value.
# It can be read using the signed method `cookies.signed[:name]`
.signed[:user_id] = current_user.id
# Sets an encrypted cookie value before sending it to the client which
# prevent users from reading and tampering with its value.
# The cookie is signed by your app's `secrets.secret_key_base` value.
# It can be read using the encrypted method `cookies.encrypted[:name]`
.encrypted[:discount] = 45
# Sets a "permanent" cookie (which expires in 20 years from now).
.permanent[:login] = "XJ-122"
# You can also chain these methods:
.permanent.signed[:login] = "XJ-122"
Examples of reading:
[:user_name] # => "david"
.size # => 2
JSON.parse([:lat_lon]) # => [47.68, -122.37]
.signed[:login] # => "XJ-122"
.encrypted[:discount] # => 45
Example for deleting:
.delete :user_name
Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
[:name] = {
value: 'a yummy cookie',
expires: 1.year.from_now,
domain: 'domain.com'
}
.delete(:name, domain: 'domain.com')
The option symbols for setting cookies are:
-
:value
- The cookie’s value. -
:path
- The path for which this cookie applies. Defaults to the root of the application. -
:domain
- The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set:domain
to:all
. Make sure to specify the:domain
option with:all
orArray
again when deleting cookies.domain: nil # Does not set cookie domain. (default) domain: :all # Allow the cookie for the top most level # domain and subdomains. domain: %w(.example.com .example.org) # Allow the cookie # for concrete domain names.
-
:tld_length
- When using:domain => :all
, this option can be used to explicitly set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD. For example, to share cookies between user1.lvh.me and user2.lvh.me, set:tld_length
to 1. -
:expires
- The time at which this cookie expires, as a Time object. -
:secure
- Whether this cookie is only transmitted to HTTPS servers. Default isfalse
. -
:httponly
- Whether this cookie is accessible via scripting or only HTTP. Defaults tofalse
.
Defined Under Namespace
Modules: ChainedCookieJars, SerializedCookieJars, VerifyAndUpgradeLegacySignedMessage Classes: AbstractCookieJar, CookieJar, EncryptedCookieJar, JsonSerializer, PermanentCookieJar, SignedCookieJar, UpgradeLegacyEncryptedCookieJar, UpgradeLegacySignedCookieJar
Constant Summary collapse
- HTTP_HEADER =
"Set-Cookie".freeze
- GENERATOR_KEY =
"action_dispatch.key_generator".freeze
- SIGNED_COOKIE_SALT =
"action_dispatch.signed_cookie_salt".freeze
- ENCRYPTED_COOKIE_SALT =
"action_dispatch.encrypted_cookie_salt".freeze
- ENCRYPTED_SIGNED_COOKIE_SALT =
"action_dispatch.encrypted_signed_cookie_salt".freeze
- SECRET_TOKEN =
"action_dispatch.secret_token".freeze
- SECRET_KEY_BASE =
"action_dispatch.secret_key_base".freeze
- COOKIES_SERIALIZER =
"action_dispatch.cookies_serializer".freeze
- COOKIES_DIGEST =
"action_dispatch.cookies_digest".freeze
- MAX_COOKIE_SIZE =
Cookies can typically store 4096 bytes.
4096
- CookieOverflow =
Raised when storing more than 4K of session data.
Class.new StandardError
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#initialize(app) ⇒ Cookies
constructor
A new instance of Cookies.
Constructor Details
#initialize(app) ⇒ Cookies
Returns a new instance of Cookies.
606 607 608 |
# File 'lib/action_dispatch/middleware/cookies.rb', line 606 def initialize(app) @app = app end |
Instance Method Details
#call(env) ⇒ Object
610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 |
# File 'lib/action_dispatch/middleware/cookies.rb', line 610 def call(env) request = ActionDispatch::Request.new env status, headers, body = @app.call(env) if request. = request. unless .committed? .write(headers) if headers[HTTP_HEADER].respond_to?(:join) headers[HTTP_HEADER] = headers[HTTP_HEADER].join("\n") end end end [status, headers, body] end |