Include in a cookie jar to allow chaining, e.g. cookies.permanent.signed.

Methods

Instance Public methods

encrypted()

Returns a jar that’ll automatically encrypt cookie values before sending them to the client and will decrypt them for read. If the cookie was tampered with by the user (or a 3rd party), nil will be returned.

If config.action_dispatch.encrypted_cookie_salt and config.action_dispatch.encrypted_signed_cookie_salt are both set, legacy cookies encrypted with HMAC AES-256-CBC will be transparently upgraded.

This jar requires that you set a suitable secret for the verification on your app’s secret_key_base.

Example:

cookies.encrypted[:discount] = 45
# => Set-Cookie: discount=DIQ7fw==--K3n//8vvnSbGq9dA--7Xh91HfLpwzbj1czhBiwOg==; path=/

cookies.encrypted[:discount] # => 45
📝 Source code
# File actionpack/lib/action_dispatch/middleware/cookies.rb, line 258
      def encrypted
        @encrypted ||= EncryptedKeyRotatingCookieJar.new(self)
      end
🔎 See on GitHub

permanent()

Returns a jar that’ll automatically set the assigned cookies to have an expiration date 20 years from now. Example:

cookies.permanent[:prefers_open_id] = true
# => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT

This jar is only meant for writing. You’ll read permanent cookies through the regular accessor.

This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:

cookies.permanent.signed[:remember_me] = current_user.id
# => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
📝 Source code
# File actionpack/lib/action_dispatch/middleware/cookies.rb, line 224
      def permanent
        @permanent ||= PermanentCookieJar.new(self)
      end
🔎 See on GitHub

signed()

Returns a jar that’ll automatically generate a signed representation of cookie value and verify it when reading from the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed cookie was tampered with by the user (or a 3rd party), nil will be returned.

This jar requires that you set a suitable secret for the verification on your app’s secret_key_base.

Example:

cookies.signed[:discount] = 45
# => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/

cookies.signed[:discount] # => 45
📝 Source code
# File actionpack/lib/action_dispatch/middleware/cookies.rb, line 240
      def signed
        @signed ||= SignedKeyRotatingCookieJar.new(self)
      end
🔎 See on GitHub

signed_or_encrypted()

Returns the signed or encrypted jar, preferring encrypted if secret_key_base is set. Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.

📝 Source code
# File actionpack/lib/action_dispatch/middleware/cookies.rb, line 264
      def signed_or_encrypted
        @signed_or_encrypted ||=
          if request.secret_key_base.present?
            encrypted
          else
            signed
          end
      end
🔎 See on GitHub