Relationship between the Rails cookie object, the Cookie HTTP header, and document.cookie
When I access document.cookie in JavaScript, it spits out, say:
'user_credentials=5beea8874f2db9feb873828'
Basically, what appears to be some encoded information. Fine.
When I look at the headers, I do see that exact same string being set to user_credentials, but there's also another value being set for _myapplication_session=BAh7CiIQX. Unlike with user_credentials, this one includes capital letters and letters after F.
So:
- What is _myapplication_session? Is this related to the session object in Rails?
- Why doesn't _myapplication_session show up with JavaScript document.cookie?
What is _myapplication_session? Is this related to the session object in Rails?
Yes, this is the way Rails identifies user sessions.
Why doesn't _myapplication_session show up with Javascript document.cookie?
I believe Rails sets httponly=>true on session cookies, which means they are (generally) not accessible using client-side scripts, as described in this SO thread.
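
The difference between the Cookie request header and document.cookie can be reproduced with a small model of a browser cookie jar. This is an added example, not part of the original question or answer: the Set-Cookie lines are constructed from the two cookie values quoted in the question, the function names are hypothetical, and path, domain, Secure and expiry matching are ignored.

```javascript
// Constructed Set-Cookie values, built from the two cookies quoted in the question.
const SAMPLE_SET_COOKIE = [
  'user_credentials=5beea8874f2db9feb873828; path=/',
  '_myapplication_session=BAh7CiIQX; path=/; HttpOnly',
];

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';');
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: skip
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive (HttpOnly, httponly, HTTPONLY).
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
}

// Build the cookie jar; a later cookie with the same name replaces the earlier one.
function buildJar(setCookieHeaders) {
  const jar = new Map();
  for (const h of setCookieHeaders) {
    const c = parseSetCookie(h);
    if (c) jar.set(c.name, c);
  }
  return [...jar.values()];
}

const serialize = (cookies) => cookies.map((c) => `${c.name}=${c.value}`).join('; ');

// What the browser sends back in the Cookie request header: every cookie in the jar.
function cookieRequestHeader(setCookieHeaders) {
  return serialize(buildJar(setCookieHeaders));
}

// What document.cookie returns: the same jar minus cookies flagged HttpOnly.
function documentCookie(setCookieHeaders) {
  return serialize(buildJar(setCookieHeaders).filter((c) => !c.attrs.httponly));
}

// Names of cookies that scripts cannot read.
function hiddenFromScripts(setCookieHeaders) {
  return buildJar(setCookieHeaders).filter((c) => c.attrs.httponly).map((c) => c.name);
}
```

Running hiddenFromScripts over the Set-Cookie headers of a real response is a quick way to audit which cookies a script injected into the page could read.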