class ActionDispatch::Cookies::CookieJar
:nodoc:
def self.build(request)
def self.build(request) secret = request.env[TOKEN_KEY] host = request.host secure = request.ssl? new(secret, host, secure).tap do |hash| hash.update(request.cookies) end end
def [](name)
def [](name) @cookies[name.to_s] end
def []=(key, options)
Sets the cookie named +name+. The second argument may be the very cookie
def []=(key, options) if options.is_a?(Hash) options.symbolize_keys! value = options[:value] else value = options options = { :value => value } end @cookies[key.to_s] = value handle_options(options) @set_cookies[key.to_s] = options @delete_cookies.delete(key.to_s) value end
def clear(options = {})
def clear(options = {}) @cookies.each_key{ |k| delete(k, options) } end
def delete(key, options = {})
and setting its expiration date into the past. Like []=, you can pass in
Removes the cookie on the client machine by setting the value to an empty string
def delete(key, options = {}) options.symbolize_keys! handle_options(options) value = @cookies.delete(key.to_s) @delete_cookies[key.to_s] = options value end
def each(&block)
def each(&block) @cookies.each(&block) end
def handle_options(options) #:nodoc:
def handle_options(options) #:nodoc: options[:path] ||= "/" if options[:domain] == :all # if there is a provided tld length then we use it otherwise default domain regexp domain_regexp = options[:tld_length] ? /([^.]+\.?){#{options[:tld_length]}}$/ : DOMAIN_REGEXP # if host is not ip and matches domain regexp # (ip confirms to domain regexp so we explicitly check for ip) options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ domain_regexp) ".#{$&}" end elsif options[:domain].is_a? Array # if host matches one of the supplied domains without a dot in front of it options[:domain] = options[:domain].find {|domain| @host.include? domain[/^\.?(.*)$/, 1] } end end
def initialize(secret = nil, host = nil, secure = false)
def initialize(secret = nil, host = nil, secure = false) @secret = secret @set_cookies = {} @delete_cookies = {} @host = host @secure = secure @closed = false @cookies = {} end
def key?(name)
def key?(name) @cookies.key?(name.to_s) end
def permanent
cookies.permanent.signed[:remember_me] = current_user.id
This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
This jar is only meant for writing. You'll read permanent cookies through the regular accessor.
# => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
cookies.permanent[:prefers_open_id] = true
Returns a jar that'll automatically set the assigned cookies to have an expiration date 20 years from now. Example:
def permanent @permanent ||= PermanentCookieJar.new(self, @secret) end
def recycle! #:nodoc:
def recycle! #:nodoc: @set_cookies.clear @delete_cookies.clear end
def signed
# => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
cookies.signed[:discount] = 45
Example:
This jar requires that you set a suitable secret for the verification on your app's config.secret_token.
be raised.
cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
def signed @signed ||= SignedCookieJar.new(self, @secret) end
def update(other_hash)
def update(other_hash) @cookies.update other_hash.stringify_keys self end
def write(headers)
def write(headers) @set_cookies.each { |k, v| ::Rack::Utils.set_cookie_header!(headers, k, v) if write_cookie?(v) } @delete_cookies.each { |k, v| ::Rack::Utils.delete_cookie_header!(headers, k, v) } end
def write_cookie?(cookie)
def write_cookie?(cookie) @secure || !cookie[:secure] || always_write_cookie end