class Cookies
Ruby on Rails 5.2.8.1
Since v3.0.20Cookies are read and written through ActionController#cookies.
The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.
Examples of writing:
# Sets a simple session cookie.
# This cookie will be deleted when the user's browser is closed.
cookies[:user_name] = "david"
# Cookie values are String based. Other data types need to be serialized.
cookies[:lat_lon] = JSON.generate([47.68, -122.37])
# Sets a cookie that expires in 1 hour.
cookies[:login] = { value: "XJ-122", expires: 1.hour }
# Sets a cookie that expires at a specific time.
cookies[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }
# Sets a signed cookie, which prevents users from tampering with its value.
# It can be read using the signed method `cookies.signed[:name]`
cookies.signed[:user_id] = current_user.id
# Sets an encrypted cookie value before sending it to the client which
# prevent users from reading and tampering with its value.
# It can be read using the encrypted method `cookies.encrypted[:name]`
cookies.encrypted[:discount] = 45
# Sets a "permanent" cookie (which expires in 20 years from now).
cookies.permanent[:login] = "XJ-122"
# You can also chain these methods:
cookies.signed.permanent[:login] = "XJ-122"
Examples of reading:
cookies[:user_name] # => "david"
cookies.size # => 2
JSON.parse(cookies[:lat_lon]) # => [47.68, -122.37]
cookies.signed[:login] # => "XJ-122"
cookies.encrypted[:discount] # => 45
Example for deleting:
cookies.delete :user_name
Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
cookies[:name] = {
value: 'a yummy cookie',
expires: 1.year,
domain: 'domain.com'
}
cookies.delete(:name, domain: 'domain.com')
The option symbols for setting cookies are:
-
:value- The cookie’s value. -
:path- The path for which this cookie applies. Defaults to the root of the application. -
:domain- The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set:domainto:all. Make sure to specify the:domainoption with:allorArrayagain when deleting cookies.domain: nil # Does not set cookie domain. (default) domain: :all # Allow the cookie for the top most level # domain and subdomains. domain: %w(.example.com .example.org) # Allow the cookie # for concrete domain names. -
:tld_length- When using:domain => :all, this option can be used to explicitly set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD. For example, to share cookies between user1.lvh.me and user2.lvh.me, set:tld_lengthto 2. -
:expires- The time at which this cookie expires, as a Time orActiveSupport::Durationobject. -
:secure- Whether this cookie is only transmitted to HTTPS servers. Default isfalse. -
:httponly- Whether this cookie is accessible via scripting or only HTTP. Defaults tofalse.
Inherits from
Namespace
Modules
Constants
- ActionDispatch::Cookies::AUTHENTICATED_ENCRYPTED_COOKIE_SALT
- ActionDispatch::Cookies::CookieOverflow
- ActionDispatch::Cookies::COOKIES_DIGEST
- ActionDispatch::Cookies::COOKIES_ROTATIONS
- ActionDispatch::Cookies::COOKIES_SERIALIZER
- ActionDispatch::Cookies::ENCRYPTED_COOKIE_CIPHER
- ActionDispatch::Cookies::ENCRYPTED_COOKIE_SALT
- ActionDispatch::Cookies::ENCRYPTED_SIGNED_COOKIE_SALT
- ActionDispatch::Cookies::GENERATOR_KEY
- ActionDispatch::Cookies::HTTP_HEADER
- ActionDispatch::Cookies::MAX_COOKIE_SIZE
- ActionDispatch::Cookies::SECRET_KEY_BASE
- ActionDispatch::Cookies::SECRET_TOKEN
- ActionDispatch::Cookies::SIGNED_COOKIE_DIGEST
- ActionDispatch::Cookies::SIGNED_COOKIE_SALT
- ActionDispatch::Cookies::USE_AUTHENTICATED_COOKIE_ENCRYPTION
Methods (defined here)
Methods (inherited)
From Object
(17)
- # acts_like?
- # blank?
- # deep_dup
- # duplicable?
- # html_safe?
- # in?
- # instance_values
- # instance_variable_names
- # presence
- # presence_in
- # present?
- # to_param
- # to_query
- # try
- # try!
- # unescape
- # with_options