class ActionDispatch::Cookies
Read and write data to cookies through ActionController::Cookies#cookies.

When reading cookie data, the data is read from the HTTP request header,
`Cookie`. When writing cookie data, the data is sent out in the HTTP response
header, `Set-Cookie`.

Examples of writing:

    # Sets a simple session cookie.
    # This cookie will be deleted when the user's browser is closed.
    cookies[:user_name] = "david"

    # Cookie values are String-based. Other data types need to be serialized.
    cookies[:lat_lon] = JSON.generate([47.68, -122.37])

    # Sets a cookie that expires in 1 hour.
    cookies[:login] = { value: "XJ-122", expires: 1.hour }

    # Sets a cookie that expires at a specific time.
    cookies[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }

    # Sets a signed cookie, which prevents users from tampering with its value.
    # It can be read using the signed method.
    cookies.signed[:user_id] = current_user.id
    cookies.signed[:user_id] # => 123

    # Sets an encrypted cookie value before sending it to the client which
    # prevents users from reading and tampering with its value.
    # It can be read using the encrypted method.
    cookies.encrypted[:discount] = 45
    cookies.encrypted[:discount] # => 45

    # Sets a "permanent" cookie (which expires in 20 years from now).
    cookies.permanent[:login] = "XJ-122"

    # You can also chain these methods:
    cookies.signed.permanent[:login] = "XJ-122"

Examples of reading:

    cookies[:user_name]           # => "david"
    cookies.size                  # => 2
    JSON.parse(cookies[:lat_lon]) # => [47.68, -122.37]
    cookies.signed[:login]        # => "XJ-122"
    cookies.encrypted[:discount]  # => 45

Example for deleting:

    cookies.delete :user_name

Please note that if you specify a `:domain` when setting a cookie, you must
also specify the domain when deleting the cookie:

    cookies[:name] = {
      value: 'a yummy cookie',
      expires: 1.year,
      domain: 'domain.com'
    }

    cookies.delete(:name, domain: 'domain.com')

The option symbols for setting cookies are:

* `:value` - The cookie's value.
* `:path` - The path for which this cookie applies. Defaults to the root of
  the application.
* `:domain` - The domain for which this cookie applies so you can restrict
  to the domain level. If you use a schema like www.example.com and want to
  share session with user.example.com set `:domain` to `:all`. To support
  multiple domains, provide an array, and the first domain matching
  `request.host` will be used. Make sure to specify the `:domain` option
  with `:all` or `Array` again when deleting cookies. For more flexibility
  you can set the domain on a per-request basis by specifying `:domain` with
  a proc.

        domain: nil  # Does not set cookie domain. (default)
        domain: :all # Allow the cookie for the top most level
                     # domain and subdomains.
        domain: %w(.example.com .example.org) # Allow the cookie
                                              # for concrete domain names.
        domain: proc { Tenant.current.cookie_domain } # Set cookie domain dynamically
        domain: proc { |req| ".sub.#{req.host}" } # Set cookie domain dynamically based on request

* `:tld_length` - When using `:domain => :all`, this option can be used to
  explicitly set the TLD length when using a short (<= 3 character) domain
  that is being interpreted as part of a TLD. For example, to share cookies
  between user1.lvh.me and user2.lvh.me, set `:tld_length` to 2.
* `:expires` - The time at which this cookie expires, as a Time or
  ActiveSupport::Duration object.
* `:secure` - Whether this cookie is only transmitted to HTTPS servers.
  Default is `false`.
* `:httponly` - Whether this cookie is accessible via scripting or only
  HTTP. Defaults to `false`.
* `:same_site` - The value of the `SameSite` cookie attribute, which
  determines how this cookie should be restricted in cross-site contexts.
  Possible values are `nil`, `:none`, `:lax`, and `:strict`. Defaults to
  `:lax`.

    def initialize(app)
      @app = app
    end

    def call(env)
      request = ActionDispatch::Request.new(env)
      response = @app.call(env)

      if request.have_cookie_jar?
        cookie_jar = request.cookie_jar
        unless cookie_jar.committed?
          response = Rack::Response[*response]
          cookie_jar.write(response)
        end
      end

      response.to_a
    end
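
The difference between `cookies.signed` and `cookies.encrypted` described in the writing examples, modeled with Ruby's standard library: a signed value is tamper-evident but still readable by the client, while an encrypted value is neither readable nor modifiable. This is an added example, not code from Rails or from this page; the keys, the helper names (`sign`, `verify`, `encrypt`, `decrypt`, `peek`, `same?`) and the token layout are assumptions for illustration, and Rails derives its own keys from the application's secret.

```ruby
require "openssl"

# Constructed demo keys (assumption); Rails derives its own from secret_key_base.
SIGN_KEY = OpenSSL::Digest::SHA256.digest("constructed signing secret")
ENC_KEY  = OpenSSL::Digest::SHA256.digest("constructed encryption secret")

# Constant-time comparison of two strings of equal length.
def same?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

# Signed: the payload is only Base64-encoded ("m0" = strict); an HMAC detects changes.
def sign(value)
  data = [value.to_s].pack("m0")
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SIGN_KEY, data)}"
end

# Returns the original value, or nil if the cookie is malformed or was altered.
def verify(cookie)
  data, mac = cookie.to_s.split("--", 2)
  return nil unless data && mac
  return nil unless same?(OpenSSL::HMAC.hexdigest("SHA256", SIGN_KEY, data), mac)
  data.unpack1("m0")
end

# Encrypted: AES-256-GCM hides the payload and authenticates it.
def encrypt(value)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = ENC_KEY
  iv = cipher.random_iv
  ct = cipher.update(value.to_s) + cipher.final
  [ct, iv, cipher.auth_tag].map { |part| [part].pack("m0") }.join("--")
end

# Returns the plaintext, or nil if any part was altered or is not valid Base64.
def decrypt(cookie)
  ct, iv, tag = cookie.to_s.split("--").map { |part| part.unpack1("m0") }
  return nil unless ct && iv && tag
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = ENC_KEY
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.update(ct) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# What a client can recover from the first cookie segment without any key.
def peek(cookie)
  cookie.split("--").first.unpack1("m0")
end
```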