Cookies can typically store 4096 bytes.
Raised when storing more than 4K of session data.
Cookies are read and written through ActionController#cookies.
The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.
Examples of writing:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | # Sets a simple session cookie.# This cookie will be deleted when the user's browser is closed.cookies[:user_name] = "david"# Cookie values are String based. Other data types need to be serialized.cookies[:lat_lon] = JSON.generate([47.68, -122.37])# Sets a cookie that expires in 1 hour.cookies[:login] = { value: "XJ-122", expires: 1.hour.from_now }# Sets a signed cookie, which prevents users from tampering with its value.# The cookie is signed by your app's `secrets.secret_key_base` value.# It can be read using the signed method `cookies.signed[:name]`cookies.signed[:user_id] = current_user.id# Sets a "permanent" cookie (which expires in 20 years from now).cookies.permanent[:login] = "XJ-122"# You can also chain these methods:cookies.permanent.signed[:login] = "XJ-122" |
Examples of reading:
1 2 3 4 | cookies[:user_name] # => "david"cookies.size # => 2JSON.parse(cookies[:lat_lon]) # => [47.68, -122.37]cookies.signed[:login] # => "XJ-122" |
Example for deleting:
1 | cookies.delete :user_name |
Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
1 2 3 4 5 6 7 | cookies[:name] = { value: 'a yummy cookie', expires: 1.year.from_now, domain: 'domain.com'}cookies.delete(:name, domain: 'domain.com') |
The option symbols for setting cookies are:
-
:value- The cookie's value. -
:path- The path for which this cookie applies. Defaults to the root of the application. -
:domain- The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set:domainto:all. Make sure to specify the:domainoption with:allorArrayagain when deleting cookies.12345domain:nil# Does not sets cookie domain. (default)domain::all# Allow the cookie for the top most leveldomainandsubdomains.domain: %w(.example.com .example.org)# Allow the cookieforconcrete domain names. -
:expires- The time at which this cookie expires, as a Time object. -
:secure- Whether this cookie is only transmitted to HTTPS servers. Default isfalse. -
:httponly- Whether this cookie is accessible via scripting or only HTTP. Defaults tofalse.