Class: ActionDispatch::Cookies
Relationships & Source Files | |
Namespace Children | |
Modules:
| |
Inherits: | Object |
Defined in: | actionpack/lib/action_dispatch/middleware/cookies.rb |
Overview
Read and write data to cookies through ActionController::Cookies#cookies.
When reading cookie data, the data is read from the HTTP request header, Cookie. When writing cookie data, the data is sent out in the HTTP response header, Set-Cookie
.
Examples of writing:
# Sets a simple session cookie.
# This cookie will be deleted when the user's browser is closed.
[:user_name] = "david"
# Cookie values are String-based. Other data types need to be serialized.
[:lat_lon] = JSON.generate([47.68, -122.37])
# Sets a cookie that expires in 1 hour.
[:login] = { value: "XJ-122", expires: 1.hour }
# Sets a cookie that expires at a specific time.
[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }
# Sets a signed cookie, which prevents users from tampering with its value.
# It can be read using the signed method {cookies.signed[:name]}
.signed[:user_id] = current_user.id
# Sets an encrypted cookie value before sending it to the client which
# prevent users from reading and tampering with its value.
# It can be read using the encrypted method {cookies.encrypted[:name]}
.encrypted[:discount] = 45
# Sets a "permanent" cookie (which expires in 20 years from now).
.permanent[:login] = "XJ-122"
# You can also chain these methods:
.signed.permanent[:login] = "XJ-122"
Examples of reading:
:user_name] # => "david"
.size # => 2
JSON.parse( [:lat_lon]) # => [47.68, -122.37]
.signed[:login] # => "XJ-122"
.encrypted[:discount] # => 45
[
Example for deleting:
delete :user_name
.
Please note that if you specify a :domain
when setting a cookie, you must also specify the domain when deleting the cookie:
:name] = {
value: 'a yummy cookie',
expires: 1.year,
domain: 'domain.com'
}
.delete(:name, domain: 'domain.com')
[
The option symbols for setting cookies are:
-
:value
- The cookie’s value. -
:path
- The path for which this cookie applies. Defaults to the root of the application. -
:domain
- The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set:domain
to:all
. To support multiple domains, provide an array, and the first domain matchingrequest.host
will be used. Make sure to specify the:domain
option with:all
or::Array
again when deleting cookies. For more flexibility you can set the domain on a per-request basis by specifying:domain
with a proc.domain: nil # Does not set cookie domain. (default) domain: :all # Allow the cookie for the top most level # domain and subdomains. domain: %w(.example.com .example.org) # Allow the cookie # for concrete domain names. domain: proc { Tenant.current. } # Set cookie domain dynamically domain: proc { |req| ".sub.#{req.host}" } # Set cookie domain dynamically based on request
-
:tld_length
- When using:domain => :all
, this option can be used to explicitly set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD. For example, to share cookies between user1.lvh.me and user2.lvh.me, set:tld_length
to 2. -
:expires
- The time at which this cookie expires, as a Time or::ActiveSupport::Duration
object. -
:secure
- Whether this cookie is only transmitted to HTTPS servers. Default isfalse
. -
:httponly
- Whether this cookie is accessible via scripting or only HTTP. Defaults tofalse
. -
:same_site
- The value of theSameSite
cookie attribute, which determines how this cookie should be restricted in cross-site contexts. Possible values arenil
,:none
,:lax
, and:strict
. Defaults to:lax
.
Constant Summary
-
AUTHENTICATED_ENCRYPTED_COOKIE_SALT =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 194"action_dispatch.authenticated_encrypted_cookie_salt"
-
COOKIES_DIGEST =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 200"action_dispatch.cookies_digest"
-
COOKIES_ROTATIONS =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 201"action_dispatch.cookies_rotations"
-
COOKIES_SAME_SITE_PROTECTION =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 202"action_dispatch.cookies_same_site_protection"
-
COOKIES_SERIALIZER =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 199"action_dispatch.cookies_serializer"
-
CookieOverflow =
Raised when storing more than 4K of session data.
Class.new StandardError
-
ENCRYPTED_COOKIE_CIPHER =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 196"action_dispatch.encrypted_cookie_cipher"
-
ENCRYPTED_COOKIE_SALT =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 192"action_dispatch.encrypted_cookie_salt"
-
ENCRYPTED_SIGNED_COOKIE_SALT =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 193"action_dispatch.encrypted_signed_cookie_salt"
-
GENERATOR_KEY =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 190"action_dispatch.key_generator"
-
HTTP_HEADER =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 189"Set-Cookie"
-
MAX_COOKIE_SIZE =
Cookies
can typically store 4096 bytes.4096
-
SECRET_KEY_BASE =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 198"action_dispatch.secret_key_base"
-
SIGNED_COOKIE_DIGEST =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 197"action_dispatch.signed_cookie_digest"
-
SIGNED_COOKIE_SALT =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 191"action_dispatch.signed_cookie_salt"
-
USE_AUTHENTICATED_COOKIE_ENCRYPTION =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 195"action_dispatch.use_authenticated_cookie_encryption"
-
USE_COOKIES_WITH_METADATA =
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 203"action_dispatch.use_cookies_with_metadata"
Class Method Summary
- .new(app) ⇒ Cookies constructor
Instance Method Summary
Constructor Details
.new(app) ⇒ Cookies
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 683
def initialize(app) @app = app end
Instance Method Details
#call(env)
[ GitHub ]# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 687
def call(env) request = ActionDispatch::Request.new(env) response = @app.call(env) if request. = request. unless .committed? response = Rack::Response[*response] .write(response) end end response.to_a end