Rails Cookie对象,Cookie HTTP标头和document.cookie之间的关系 [英] Relationship between the Rails cookie object, the Cookie HTTP header, and document.cookie
问题描述
当我在Javascript中访问 document.cookie
时,会弹出:
code>'user_credentials = 5beea8874f2db9feb873828'
基本上,似乎是一些编码信息。好的。
当我看看标头,我看到完全相同的字符串设置为 user_credentials
还有为 _myapplication_session = BAh7CiIQX
设置的另一个值。与 user_credentials
不同,这包括大写字母和F之后的字母。
因此:
- 什么是
_myapplication_session
?这是否与Rails中的会话对象相关? - 为什么
_myapplication_session
显示Javascript.cookie
? 什么是_myapplication_session?是
这与
中的会话对象相关Rails?
是的,这是Rails标识用户的方式会话
为什么_myapplication_session
显示为Javascript
document.cookie?
我相信Rails在会话cookie上设置
httponly => true
)无法使用客户端脚本访问,如这个SO线程。When I access
document.cookie
in Javascript, it spits out, say:'user_credentials=5beea8874f2db9feb873828'
Basically, what appears to be some encoded information. Fine.
When I look at the headers, I do see that exact same string being set to
user_credentials
, but there's also another value being set for_myapplication_session=BAh7CiIQX
. Unlike withuser_credentials
, this one includes capital letters and letters after F.So:
- What is
_myapplication_session
? Is this related to the session object in Rails? - Why doesn't
_myapplication_session
show up with Javascriptdocument.cookie
?
解决方案What is _myapplication_session? Is this related to the session object in Rails?
Yes, this is the way Rails identifies user sessions.
Why doesn't _myapplication_session show up with Javascript document.cookie?
I believe Rails sets
httponly=>true
on session cookies, which means they are (generally) not accessible using client-side scripts, as described in this SO thread.这篇关于Rails Cookie对象,Cookie HTTP标头和document.cookie之间的关系的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- What is