Relationship between the Rails cookie object, the Cookie HTTP header, and document.cookie

When I access document.cookie in JavaScript, it spits out, say:

'user_credentials=5beea8874f2db9feb873828'

Basically, what appears to be some encoded information. Fine.

When I look at the headers, I do see that exact same string being set to user_credentials, but there's also another value being set for _myapplication_session=BAh7CiIQX. Unlike with user_credentials, this one includes capital letters and letters after F.

So:

  • What is _myapplication_session? Is this related to the session object in Rails?
  • Why doesn't _myapplication_session show up with JavaScript document.cookie?


What is _myapplication_session? Is this related to the session object in Rails?

Yes, this is the way Rails identifies user sessions.

Why doesn't _myapplication_session show up with JavaScript document.cookie?

I believe Rails sets httponly=>true on session cookies, which means they are (generally) not accessible using client-side scripts, as described in this SO thread.

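The behaviour discussed above, as an added Ruby example that is not part of the original question or answer: it parses Set-Cookie headers, lists which cookies a page script would see in document.cookie, and classifies each value by its leading characters. The header lines are constructed from the values quoted in the question (the session value is truncated there and stays truncated here), the HttpOnly attribute on the session cookie is assumed as the answer suggests, and the helper names are hypothetical.

```ruby
# Constructed sample headers; values are the ones quoted in the question.
# HttpOnly on the session cookie is an assumption taken from the answer.
SAMPLE_SET_COOKIE = [
  "user_credentials=5beea8874f2db9feb873828; path=/",
  "_myapplication_session=BAh7CiIQX; path=/; HttpOnly"
].freeze

# Split one Set-Cookie header into name, value and the flags that matter here.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  flags = attrs.map { |a| a.split("=", 2).first.downcase }
  { name: name, value: value,
    http_only: flags.include?("httponly"),
    secure: flags.include?("secure") }
end

# Cookie names exposed through document.cookie: browsers withhold any
# cookie carrying the HttpOnly attribute from client-side scripts.
def script_visible(headers)
  headers.map { |h| parse_set_cookie(h) }
         .reject { |c| c[:http_only] }
         .map { |c| c[:name] }
end

# Classify a cookie value by its leading characters without deserializing it.
def guess_encoding(value)
  return :hex if value.match?(/\A[0-9a-f]+\z/)
  head = value[0, 4].unpack1("m").bytes # first 4 Base64 chars -> 3 bytes
  # A Ruby Marshal dump starts with version bytes 0x04 0x08; "BAh7" decodes
  # to 04 08 7B, i.e. a marshalled Hash, hence the capitals and letters past F.
  return :base64_marshal if head[0, 2] == [0x04, 0x08]
  :unknown
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_SET_COOKIE.each do |h|
    c = parse_set_cookie(h)
    puts format("%-24s httponly=%-5s encoding=%s",
                c[:name], c[:http_only], guess_encoding(c[:value]))
  end
  puts "document.cookie would expose: #{script_visible(SAMPLE_SET_COOKIE).join(', ')}"
end
```
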
