Rails Cookie对象，Cookie HTTP标头和document.cookie之间的关系 [英] Relationship between the Rails cookie object, the Cookie HTTP header, and document.cookie

问题描述

当我在Javascript中访问 document.cookie 时，会弹出：

 code>'user_credentials = 5beea8874f2db9feb873828'
  

基本上，似乎是一些编码信息。好的。

当我看看标头，我看到完全相同的字符串设置为 user_credentials 还有为 _myapplication_session = BAh7CiIQX 设置的另一个值。与 user_credentials 不同，这包括大写字母和F之后的字母。

因此：

• 什么是 _myapplication_session ？这是否与Rails中的会话对象相关？


• 为什么 _myapplication_session 显示Javascript .cookie ？ 什么是_myapplication_session？是
  这与
  中的会话对象相关Rails？
  
  

  是的，这是Rails标识用户的方式会话

  
  

  为什么_myapplication_session
  显示为Javascript
  document.cookie？

  
  

  我相信Rails在会话cookie上设置 httponly => true ）无法使用客户端脚本访问，如这个SO线程。

  
  

  When I access document.cookie in Javascript, it spits out, say:

  'user_credentials=5beea8874f2db9feb873828'
  

  Basically, what appears to be some encoded information. Fine.

  When I look at the headers, I do see that exact same string being set to user_credentials, but there's also another value being set for _myapplication_session=BAh7CiIQX. Unlike with user_credentials, this one includes capital letters and letters after F.

  So:

  • What is _myapplication_session? Is this related to the session object in Rails?
  • Why doesn't _myapplication_session show up with Javascript document.cookie?

  解决方案

  What is _myapplication_session? Is this related to the session object in Rails?

  Yes, this is the way Rails identifies user sessions.

  Why doesn't _myapplication_session show up with Javascript document.cookie?

  I believe Rails sets httponly=>true on session cookies, which means they are (generally) not accessible using client-side scripts, as described in this SO thread.

  这篇关于Rails Cookie对象，Cookie HTTP标头和document.cookie之间的关系的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！