class ActionDispatch::Cookies
:lax
.
Possible values are nil
, :none
, :lax
, and :strict
. Defaults to
determines how this cookie should be restricted in cross-site contexts.
* :same_site
- The value of the SameSite
cookie attribute, which
only HTTP. Defaults to false
.
* :httponly
- Whether this cookie is accessible via scripting or
Default is false
.
* :secure
- Whether this cookie is only transmitted to HTTPS servers.
* :expires
- The time at which this cookie expires, as a Time or ActiveSupport::Duration object.
For example, to share cookies between user1.lvh.me and user2.lvh.me, set :tld_length
to 2.
set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD.
* :tld_length
- When using :domain => :all
, this option can be used to explicitly
domain: proc { |req| “.sub.#{req.host}” } # Set cookie domain dynamically based on request
domain: proc { Tenant.current.cookie_domain } # Set cookie domain dynamically
# for concrete domain names.
domain: %w(.example.com .example.org) # Allow the cookie
# domain and subdomains.
domain: :all # Allow the cookie for the top most level
domain: nil # Does not set cookie domain. (default)
with a proc.
can set the domain on a per-request basis by specifying :domain
Array
again when deleting cookies. For more flexibility you
sure to specify the :domain
option with :all
or
the first domain matching request.host
will be used. Make
to :all
. To support multiple domains, provide an array, and
and want to share session with user.example.com set :domain
restrict to the domain level. If you use a schema like www.example.com<br>* :domain
- The domain for which this cookie applies so you can
of the application.
* :path
- The path for which this cookie applies. Defaults to the root
* :value
- The cookie’s value.
The option symbols for setting cookies are:
cookies.delete(:name, domain: ‘domain.com’)
}
domain: ‘domain.com’
expires: 1.year,
value: ‘a yummy cookie’,<br>cookies = {
Please note that if you specify a :domain
when setting a cookie, you must also specify the domain when deleting the cookie:
cookies.delete :user_name
Example for deleting:<br><br>cookies.encrypted # => 45<br>cookies.signed # => “XJ-122”<br>JSON.parse(cookies) # => [47.68, -122.37]
cookies.size # => 2<br>cookies # => “david”
Examples of reading:<br><br>cookies.signed.permanent = “XJ-122”
# You can also chain these methods:<br><br>cookies.permanent = “XJ-122”
# Sets a “permanent” cookie (which expires in 20 years from now).<br><br>cookies.encrypted = 45
# It can be read using the encrypted method ‘cookies.encrypted`
# prevent users from reading and tampering with its value.
# Sets an encrypted cookie value before sending it to the client which<br><br>cookies.signed = current_user.id
# It can be read using the signed method `cookies.signed`
# Sets a signed cookie, which prevents users from tampering with its value.<br><br>cookies = { value: “XJ-122”, expires: Time.utc(2020, 10, 15, 5) }
# Sets a cookie that expires at a specific time.<br><br>cookies = { value: “XJ-122”, expires: 1.hour }
# Sets a cookie that expires in 1 hour.<br><br>cookies = JSON.generate([47.68, -122.37])
# Cookie values are String-based. Other data types need to be serialized.<br><br>cookies = “david”
# This cookie will be deleted when the user’s browser is closed.
# Sets a simple session cookie.
Examples of writing:
When writing cookie data, the data is sent out in the HTTP response header, Set-Cookie
.
When reading cookie data, the data is read from the HTTP request header, Cookie.
Read and write data to cookies through ActionController::Cookies#cookies.
def call(env)
def call(env) request = ActionDispatch::Request.new(env) response = @app.call(env) if request.have_cookie_jar? cookie_jar = request.cookie_jar unless cookie_jar.committed? response = Rack::Response[*response] cookie_jar.write(response) end end response.to_a end
def initialize(app)
def initialize(app) @app = app end