Module: ActionDispatch::Cookies::ChainedCookieJars

Included in:
CookieJar, EncryptedCookieJar, PermanentCookieJar, SignedCookieJar
Defined in:
actionpack/lib/action_dispatch/middleware/cookies.rb

Overview

Include in a cookie jar to allow chaining, e.g. cookies.permanent.signed

Instance Method Summary collapse

Instance Method Details

#encryptedObject

Returns a jar that’ll automatically encrypt cookie values before sending them to the client and will decrypt them for read. If the cookie was tampered with by the user (or a 3rd party), nil will be returned.

If config.secret_key_base and config.secret_token (deprecated) are both set, legacy cookies signed with the old key generator will be transparently upgraded.

This jar requires that you set a suitable secret for the verification on your app’s config.secret_key_base.

Example:

cookies.encrypted[:discount] = 45
# => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/

cookies.encrypted[:discount] # => 45


154
155
156
157
158
159
160
161
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 154

def encrypted
  @encrypted ||=
    if @options[:upgrade_legacy_signed_cookies]
      UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @options)
    else
      EncryptedCookieJar.new(self, @key_generator, @options)
    end
end

#permanentObject

Returns a jar that’ll automatically set the assigned cookies to have an expiration date 20 years from now. Example:

cookies.permanent[:prefers_open_id] = true
# => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT

This jar is only meant for writing. You’ll read permanent cookies through the regular accessor.

This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:

cookies.permanent.signed[:remember_me] = current_user.id
# => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT


112
113
114
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 112

def permanent
  @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
end

#signedObject

Returns a jar that’ll automatically generate a signed representation of cookie value and verify it when reading from the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed cookie was tampered with by the user (or a 3rd party), nil will be returned.

If config.secret_key_base and config.secret_token (deprecated) are both set, legacy cookies signed with the old key generator will be transparently upgraded.

This jar requires that you set a suitable secret for the verification on your app’s config.secret_key_base.

Example:

cookies.signed[:discount] = 45
# => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/

cookies.signed[:discount] # => 45


131
132
133
134
135
136
137
138
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 131

def signed
  @signed ||=
    if @options[:upgrade_legacy_signed_cookies]
      UpgradeLegacySignedCookieJar.new(self, @key_generator, @options)
    else
      SignedCookieJar.new(self, @key_generator, @options)
    end
end

#signed_or_encryptedObject

Returns the signed or encrypted jar, preferring encrypted if secret_key_base is set. Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.



165
166
167
168
169
170
171
172
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 165

def signed_or_encrypted
  @signed_or_encrypted ||=
    if @options[:secret_key_base].present?
      encrypted
    else
      signed
    end
end