Cookies are read and written through ActionController#cookies.

The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.

Examples for writing:

# Sets a simple session cookie.
cookies[:user_name] = "david"
# Sets a cookie that expires in 1 hour.
cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }

Examples for reading:

cookies[:user_name] # => "david"
cookies.size        # => 2

Example for deleting:

cookies.delete :user_name

Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:

cookies[:key] = {
  :value => 'a yummy cookie',
  :expires => 1.year.from_now,
  :domain => ''
cookies.delete(:key, :domain => '')

The option symbols for setting cookies are:

  • :value- The cookie's value or list of values (as an array).

  • :path- The path for which this cookie applies. Defaults to the root of the application.

  • :domain- The domain for which this cookie applies.

  • :expires- The time at which this cookie expires, as a Time object.

  • :secure- Whether this cookie is a only transmitted to HTTPS servers. Default is false.

  • :httponly- Whether this cookie is accessible via scripting or only HTTP. Defaults to false.

Class Public methods
# File actionpack/lib/action_controller/cookies.rb, line 47
def self.included(base)
  base.helper_method :cookies
  base.cattr_accessor :cookie_verifier_secret
Instance Protected methods

Returns the cookie container, which operates as described above.

# File actionpack/lib/action_controller/cookies.rb, line 54
def cookies
  @cookies ||=