How do you delete a cookie in rails that was set with a wild card domain:
cookies[:foo] = {:value => 'bar', :domain => '.acme.com'}
When, following the docs, you do:
cookies.delete :foo
the logs say
Cookie set: foo=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Notice that the domain is missing (it seems to use the default
params for everything). Respecting the RFC, of course the cookie's
still there, Browser -> ctrl/cmd-L ->
javascript:alert(document.cookie);
VoilĂ !
Q: What's the "correct" way to delete such a cookie?
Pass the :domain on delete as well. Here's the source of that method:
# Removes the cookie on the client machine by setting the value to an empty string
# and setting its expiration date into the past. Like []=, you can pass in an options
# hash to delete cookies with extra data such as a +path+.
def delete(name, options = {})
options.stringify_keys!
set_cookie(options.merge("name" => name.to_s, "value" => "", "expires" => Time.at(0)))
end
As you can see, it just sets an empty cookie with the name you gave, set to expire in 1969, and with no contents. But it does merge in any other options you give, so you can do:
cookies.delete :foo, :domain => '.acme.com'
And you're set.
Related
In the example below I would like anemone to only execute on the root URL (example.com). I am unsure if I should apply the on_page_like method and if so what pattern I would need.
require 'anemone'
Anemone.crawl("http://www.example.com/") do |anemone|
anemone.on_pages_like(???) do |page|
# some code to execute
end
end
require 'anemone'
Anemone.crawl("http://www.example.com/", :depth_limit => 1) do |anemone|
# some code to execute
end
You can also specify the following in the options hash, below are the defaults:
# run 4 Tentacle threads to fetch pages
:threads => 4,
# disable verbose output
:verbose => false,
# don't throw away the page response body after scanning it for links
:discard_page_bodies => false,
# identify self as Anemone/VERSION
:user_agent => "Anemone/#{Anemone::VERSION}",
# no delay between requests
:delay => 0,
# don't obey the robots exclusion protocol
:obey_robots_txt => false,
# by default, don't limit the depth of the crawl
:depth_limit => false,
# number of times HTTP redirects will be followed
:redirect_limit => 5,
# storage engine defaults to Hash in +process_options+ if none specified
:storage => nil,
# Hash of cookie name => value to send with HTTP requests
:cookies => nil,
# accept cookies from the server and send them back?
:accept_cookies => false,
# skip any link with a query string? e.g. http://foo.com/?u=user
:skip_query_strings => false,
# proxy server hostname
:proxy_host => nil,
# proxy server port number
:proxy_port => false,
# HTTP read timeout in seconds
:read_timeout => nil
My personal experience is that Anemone was not very fast and had a lot of corner cases. The docs are lacking (as you have experienced) and the author doesn't seem to be maintaining the project. YMMV. I tried Nutch shortly but didn't play aroud as much but it seemed faster. No benchmarks, sorry.
I have a situation in which two cookies have the same name but slightly different domains (cookie1 has the domain example.com whereas cookie2 has sub-domain inclusive .example.com).
cookies[ :cookie_name ] = { :value => "test_value_cookie_1", :domain => "example.com" }
cookies[ :cookie_name ] = { :value => "test_value_cookie_2", :domain => ".example.com" }
I want to detect when both cookies exist, but unfortunately I can't out figure how to access a cookie by it's own domain. I can say
if cookies[ :cookie_name ].blank?
but how do I say
if cookies[ :cookie_name, :domain => ".example.com" ].blank?
or
if cookies[ :cookie_name ].domain[ ".example.com" ].blank?
I'm using "actionpack-2.3.11/lib/action_controller/cookies". I don't understand why you can set information like the domain, but not access it.
Apparently what I wanted to do was impossible. The HTTP spec only allows cookies to be accessed by name even though they can be set by domain:
When requesting a URL from an HTTP server, the browser will match the
URL against all cookies and if any of them match, a line containing
the name/value pairs of all matching cookies will be included in the
HTTP request. Here is the format of that line: Cookie:
NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
http://curl.haxx.se/rfc/cookie_spec.html
Can someone point out what the new Rails 3.x session configuration options are?
I'm trying to duplicate the same configuration that I have in my Rails 2.3.x application.
This is the configuration that I used in the application:
#environment.rb
config.action_controller.session_store = :active_record_store
config.action_controller.session = {
:key => '_something', #non-secure for development
:secret => 'really long random string'
}
# production.rb - override environment.rb for production
config.action_controller.session = {
:key => '_something_secure',
:secret => 'really long random string',
:expire_after => 60*60,#time in seconds
:secure => true #The session will now not be sent or received on HTTP requests.
}
However, in Rails 3.x, I can only find mention of the following:
AppName::Application.config.session_store :active_record_store
AppName::Application.config.secret_token = 'really long random string'
AppName::Application.config.cookie_secret = 'another really long random string'
Are there other config settings to control the key, expire_after time, and secure option?
Regarding the latter, if "config.force_ssl = true" is set in production.rb, I assume the secure option is no longer required?
Thanks very much!
You now configure the Cookie-based session store through an initializer, probably in config/initializers/session_store.rb. In Rails 3 the session store is a piece of middleware, and the configuration options are passed in with a single call to config.session_store:
Your::Application.config.session_store :cookie_store, :key => '_session'
You can put any extra options you want in the hash with :key, e.g.
Your::Application.config.session_store :cookie_store, {
:key => '_session_id',
:path => '/',
:domain => nil,
:expire_after => nil,
:secure => false,
:httponly => true,
:cookie_only => true
}
(Those are just the standard defaults)
If you force SSL in production then setting secure on the cookie shouldn't really make a difference in practice, but you might want to set it just to be on the safe side...
Your::Application.config.session_store :cookie_store, {
:key => '_session_id',
:secure => Rails.env.production?
}
I set some cookie values in my form using jQuery. I can read them just fine in my Rails controller via the cookies method. When I call cookies.delete(:my_key), they appear to be gone when I call cookies again. But when I reload the page, the cookies are back again.
Is there a way to delete the cookies for good from inside my controller?
EDIT
This is very strange since I'm looking at the response headers and they seem to be deleting the cookie. Maybe it's because it is a 302 request?
Set-Cookie: my_key=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
For example, your cookie look like this
cookies[:foo] = {:value => 'bar', :domain => '.text.com'}
As you tried this one => cookies.delete :foo
The logs will say => Cookie set: foo=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Notice that the domain is missing. Tried this way
cookies.delete :foo, :domain =>
'.text.com'
Function = >
# Removes the cookie on the client machine by setting the value to an empty string
# and setting its expiration date into the past. Like []=, you can pass in an options
# hash to delete cookies with extra data such as a +path+.
def delete(name, options = {})
options.stringify_keys!
set_cookie(options.merge("name" => name.to_s, "value" => "", "expires" => Time.at(0)))
end
According to the rails api, there is now a delete method, so if you have not set the domain use
cookies.delete :my_key
and if you have set the domain
cookies.delete :my_key, domain: 'mydomain.com'
We can delete the cookies by passing name and options to delete method as follows:
Syntax: delete(name, options = {})
Description: Removes the cookie on the client machine by setting the value to an empty string and the expiration date in the past. Like []=, you can pass in an options hash to delete cookies with extra data such as a :path.
Example:
cookies.delete('JWT', {
value: "",
expires: 1.day.ago,
path: '/api'
})
I setup the cookie store to domain => :all, like I could find in documentation and it seems to work, because devise's authentication works across the multiple domain.
MyApp::Application.config.session_store :cookie_store, :key => '_MyApp.com_session', :domain => :all
However when I am trying myself to write to a cookie, it always write down the sub domain... I don't get it:
I write the cookie in the simplest manner possible:
cookies.permanent[:remember_locale] = locale
But no matter what it won't set it for the top level domain whereas the one dropped by devise seems to manage it without a problem :(
Alex
ps: I am using rails 3.0.3
The configuration for the session_store only applies to the session cookie. When setting a separate cookie you have to specify the domain for that cookie as well.
cookies.permanent[:remember_locale] = { :value => locale, :domain => :all }
Note (pulled from rails source):
# Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
#
# cookies[:key] = {
# :value => 'a yummy cookie',
# :expires => 1.year.from_now,
# :domain => 'domain.com'
# }
#
# cookies.delete(:key, :domain => 'domain.com')