Original source: http://stackoverflow.com/questions/6244402/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
How to set cookies in ApplicationController?
Asked by AndrewShmig
I need to set cookies in my ApplicationController but I'm not sure how. I've tried using cookies - nothing, using ActionController::Cookies - nothing. I don't need anything more than setting and getting cookies, but what I do need is to set them in ApplicationController.
EDIT:
Found the answer: request.cookies['help'] = 'yes'
Answered by amit_saxena
What do you mean by setting cookie in application controller? You would set cookie in browser corresponding to some controller action. If you want to set the cookie for all actions then you may consider using a before filter and apply that filter to all your controller actions.
You can set and delete cookies as shown below:
cookies[:key] = {
  :value => 'a yummy cookie',
  :expires => 1.year.from_now,
  :domain => 'domain.com'
}
cookies.delete(:key, :domain => 'domain.com')
Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie.
e.g. cookies[:user_name] = "david"
Answered by Hymanlin
You can simplify for cookies you want to hang around for a while
cookies.permanent[:some_cookie] = "gingerbread"
Answered by Vivek Kumar
Cookies are read and written through ActionController#cookies. The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.
cookies[:appToken] = {
  value: 'IOWQ92038192319JKNJKW',
  expires: 1.year.from_now,
  domain: 'www.example.com',
  path: '/admin',
  secure: false,
  httponly: false,
}
path - The path for which this cookie applies. Defaults to the root of the application.
secure - Whether this cookie is only transmitted to HTTPS servers. Default is false.
httponly - Whether this cookie is accessible via scripting or only HTTP. Defaults to false. If cookie httponly is set to true, then cookie is accessible through JavaScript. This is set for security purpose in order to protect the cookie from an attacker eavesdropping on the communication channel between the browser and the server. However, eavesdropping is not the only attack vector to grab the cookie. The attacker can take advantage of the XSS vulnerability to steal the authentication cookie. It turns out that an HttpOnly flag can be used to solve this problem.
For more information - https://api.rubyonrails.org/v5.2.1/classes/ActionDispatch/Cookies.html
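The secure, httponly, domain and expires options above end up as attributes on the Set-Cookie response header. The following is an added example, not part of the original answers: it audits such a header for the attributes a token cookie should carry. The function names, the sample header strings and the MAX_LIFETIME_DAYS limit are assumptions made for illustration.

```ruby
require 'time'

MAX_LIFETIME_DAYS = 30 # assumed policy limit for a token cookie (not from the page)

# Split one Set-Cookie header value into the cookie pair and a map of
# lowercased attributes; flag attributes (Secure, HttpOnly) map to true.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  name, value = pair.to_s.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, acc|
    key, val = attr.split('=', 2)
    acc[key.downcase] = val.nil? ? true : val
  end
  { name: name, value: value, attributes: attributes }
end

# Return findings (as symbols) for a cookie that carries a credential.
def audit_cookie(header, now: Time.now.utc)
  attrs = parse_set_cookie(header)[:attributes]
  findings = []
  # Without Secure the browser also sends the cookie over plain HTTP.
  findings << :missing_secure unless attrs['secure'] == true
  # Without HttpOnly the cookie is readable from document.cookie.
  findings << :missing_httponly unless attrs['httponly'] == true
  # A Domain attribute makes the browser send the cookie to subdomains too.
  findings << :domain_widens_scope if attrs['domain'].is_a?(String)
  if attrs['expires'].is_a?(String)
    begin
      days = (Time.httpdate(attrs['expires']) - now) / 86_400
      findings << :long_lived if days > MAX_LIFETIME_DAYS
    rescue ArgumentError
      findings << :unparseable_expires
    end
  end
  findings
end

# Constructed sample headers (token value is a placeholder).
SAMPLE_NOW = Time.utc(2025, 1, 1)
WEAK_HEADER = 'appToken=EXAMPLE-TOKEN; domain=www.example.com; path=/admin; ' \
              'expires=Thu, 01 Jan 2026 00:00:00 GMT'
HARDENED_HEADER = 'appToken=EXAMPLE-TOKEN; path=/admin; ' \
                  'expires=Wed, 15 Jan 2025 00:00:00 GMT; secure; HttpOnly'

puts "weak:     #{audit_cookie(WEAK_HEADER, now: SAMPLE_NOW).inspect}"
puts "hardened: #{audit_cookie(HARDENED_HEADER, now: SAMPLE_NOW).inspect}"
```

The same check can be run over the Set-Cookie headers captured from a controller test or a staging response.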