Cookies are read and written through ActionController#cookies.

The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.

Examples for writing:

  # Sets a simple session cookie.
  cookies[:user_name] = "david"

  # Sets a cookie that expires in 1 hour.
  cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }

Examples for reading:

  cookies[:user_name] # => "david"
  cookies.size        # => 2

Example for deleting:

  cookies.delete :user_name

Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:

 cookies[:key] = {
   :value => 'a yummy cookie',
   :expires => 1.year.from_now,
   :domain => ''

 cookies.delete(:key, :domain => '')

The option symbols for setting cookies are:

  • :value - The cookie‘s value or list of values (as an array).
  • :path - The path for which this cookie applies. Defaults to the root of the application.
  • :domain - The domain for which this cookie applies.
  • :expires - The time at which this cookie expires, as a Time object.
  • :secure - Whether this cookie is a only transmitted to HTTPS servers. Default is false.
  • :httponly - Whether this cookie is accessible via scripting or only HTTP. Defaults to false.
Public Class methods
    # File actionpack/lib/action_controller/cookies.rb, line 47
47:     def self.included(base)
48:       base.helper_method :cookies
49:       base.cattr_accessor :cookie_verifier_secret
50:     end
Protected Instance methods

Returns the cookie container, which operates as described above.

    # File actionpack/lib/action_controller/cookies.rb, line 54
54:       def cookies
55:         @cookies ||=
56:       end