I have a small app which is used by company staff only. I don't use any 'cookies/session' information from Rails directly. Given current requirements to request acceptance for cookies etc. I would like to completely disable cookies so that Rails doesn't send ANY cookies to the browser with any responses I generate.
Description: Removes the cookie on the client machine by setting the value to an empty string and the expiration date in the past. Like []=, you can pass in an options hash to delete cookies with extra data such as a :path.
Cookies are stored in the browser. The browser doesn't care about what's in the cookies you set. It just stores the data and sends it along on future requests to your server. You can think of them as a hash—and indeed, as we'll see later, Rails exposes cookies with a method that behaves much like a hash.
Cookies, Sessions and Flashes are three special objects that Rails gives you, each of which behaves a lot like a hash. They are used to persist data between requests, whether until just the next request, until the browser is closed, or until a specified expiration has been reached.
To disable cookies completely, use this inside application.rb:
config.middleware.delete ActionDispatch::Cookies
config.middleware.delete ActionDispatch::Session::CookieStore
and in config/initializers/session_store.rb:
Rails.application.config.session_store :disabled
You can find more details at this blog post: http://www.glitchwrks.com/2017/01/16/removing-cookies-sessions-rails-5
Btw, if you need to disable cookies only for some controllers/actions you can use this:
after_action -> { request.session_options[:skip] = true }
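One way to verify that no response still carries a cookie after the configuration above is a small Rack-compatible guard. This is an added example, not code from the answer or the linked blog post; `NoCookieGuard`, the sample apps and `guarded_headers` are hypothetical names, and the sample responses are constructed.

```ruby
# Added example in plain Ruby (no gems needed): a Rack app is any object
# whose call(env) returns [status, headers, body].
class NoCookieGuard
  CookieLeak = Class.new(StandardError)

  # mode :strip removes the header; mode :raise fails loudly (for tests/CI).
  def initialize(app, mode: :strip, logger: nil)
    @app = app
    @mode = mode
    @logger = logger
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Rack 2 emits "Set-Cookie", Rack 3 lowercase "set-cookie": match both.
    leaked = headers.keys.select { |k| k.to_s.casecmp?("set-cookie") }
    return [status, headers, body] if leaked.empty?

    # Report cookie names only, so session values never reach the logs.
    names = leaked.flat_map { |k| cookie_names(headers[k]) }
    path = env["PATH_INFO"]
    raise CookieLeak, "#{path} tried to set cookies: #{names.join(', ')}" if @mode == :raise

    @logger&.call("stripped cookies #{names.join(', ')} from #{path}")
    [status, headers.reject { |k, _| leaked.include?(k) }, body]
  end

  private

  # The header value may be an Array or a newline-joined String.
  def cookie_names(value)
    Array(value).flat_map { |v| v.to_s.split("\n") }
                .map { |line| line.split("=", 2).first.to_s.strip }
                .reject(&:empty?)
  end
end

# Constructed sample apps: one leaks a session and a flash cookie, one is clean.
COOKIE_APP = lambda do |_env|
  [200, { "Content-Type" => "text/plain",
          "Set-Cookie" => "_app_session=abc; path=/; HttpOnly\nflash=1; path=/" }, ["hi"]]
end
CLEAN_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["hi"]] }

# Runs the guard around an app for a constructed request and returns the headers.
def guarded_headers(app, mode: :strip, log: [])
  NoCookieGuard.new(app, mode: mode, logger: ->(m) { log << m }).call("PATH_INFO" => "/reports")[1]
end
```

In a Rails app the guard would sit outermost in the stack, for example `config.middleware.insert_before 0, NoCookieGuard`, so it sees the final headers of every response.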