Module: Authlogic::Session::Cookies::Config

Defined in:

lib/authlogic/session/cookies.rb

Overview

Configuration for the cookie feature set.

Instance Method Summary

• #cookie_key(value = nil) ⇒ Object (also: #cookie_key=)

  The name of the cookie or the key in the cookies hash.

• #httponly(value = nil) ⇒ Object (also: #httponly=)

  Should the cookie be set as httponly? If true, the cookie will not be accessible from javascript.

• #remember_me(value = nil) ⇒ Object (also: #remember_me=)

  If sessions should be remembered by default or not.

• #remember_me_for(value = nil) ⇒ Object (also: #remember_me_for=)

  The length of time until the cookie expires.

• #same_site(value = nil) ⇒ Object (also: #same_site=)

  Should the cookie be prevented from being send along with cross-site requests?.

• #secure(value = nil) ⇒ Object (also: #secure=)

  Should the cookie be set as secure? If true, the cookie will only be sent over SSL connections.

• #sign_cookie(value = nil) ⇒ Object (also: #sign_cookie=)

  Should the cookie be signed? If the controller adapter supports it, this is a measure against cookie tampering.

Instance Method Details

#cookie_key(value = nil) ⇒ Object Also known as: cookie_key=

The name of the cookie or the key in the cookies hash. Be sure and use a unique name. If you have multiple sessions and they use the same cookie it will cause problems. Also, if a id is set it will be inserted into the beginning of the string. Example:

session = UserSession.new
session.cookie_key => "user_credentials"

session = UserSession.new(:super_high_secret)
session.cookie_key => "super_high_secret_user_credentials"

• Default: “#Authlogic::Session::Cookies::Config.klass_nameklass_name.underscore_credentials”

• Accepts: String

# File 'lib/authlogic/session/cookies.rb', line 33

def cookie_key(value = nil)
  rw_config(:cookie_key, value, "#{klass_name.underscore}_credentials")
end

#httponly(value = nil) ⇒ Object Also known as: httponly=

Should the cookie be set as httponly? If true, the cookie will not be accessible from javascript

• Default: true

• Accepts: Boolean

# File 'lib/authlogic/session/cookies.rb', line 71

def httponly(value = nil)
  rw_config(:httponly, value, true)
end

#remember_me(value = nil) ⇒ Object Also known as: remember_me=

If sessions should be remembered by default or not.

• Default: false

• Accepts: Boolean

# File 'lib/authlogic/session/cookies.rb', line 42

def remember_me(value = nil)
  rw_config(:remember_me, value, false)
end

#remember_me_for(value = nil) ⇒ Object Also known as: remember_me_for=

The length of time until the cookie expires.

• Default: 3.months

• Accepts: Integer, length of time in seconds, such as 60 or 3.months

# File 'lib/authlogic/session/cookies.rb', line 51

def remember_me_for(value = nil)
  rw_config(:remember_me_for, value, 3.months)
end

#same_site(value = nil) ⇒ Object Also known as: same_site=

Should the cookie be prevented from being send along with cross-site requests?

• Default: nil

• Accepts: String, one of nil, ‘Lax’ or ‘Strict’

# File 'lib/authlogic/session/cookies.rb', line 81

def same_site(value = nil)
  unless VALID_SAME_SITE_VALUES.include?(value)
    msg = "Invalid same_site value: #{value}. Valid: #{VALID_SAME_SITE_VALUES.inspect}"
    raise ArgumentError.new(msg)
  end
  rw_config(:same_site, value)
end

#secure(value = nil) ⇒ Object Also known as: secure=

Should the cookie be set as secure? If true, the cookie will only be sent over SSL connections

• Default: true

• Accepts: Boolean

# File 'lib/authlogic/session/cookies.rb', line 61

def secure(value = nil)
  rw_config(:secure, value, true)
end

#sign_cookie(value = nil) ⇒ Object Also known as: sign_cookie=

Should the cookie be signed? If the controller adapter supports it, this is a measure against cookie tampering.

# File 'lib/authlogic/session/cookies.rb', line 92

def sign_cookie(value = nil)
  if value && !controller.cookies.respond_to?(:signed)
    raise "Signed cookies not supported with #{controller.class}!"
  end
  rw_config(:sign_cookie, value, false)
end