I have a RESTful API written in RoR 3. I have to make my application not send the "Set-Cookie" header (clients are authorizing using the auth_token parameter).
I have tried to use session :off and reset_session but it does not make any sense. I am using devise as the authentication framework.
Here is my ApplicationController:
class ApplicationController < ActionController::Base
  before_filter :reset_session #, :unless => :session_required?
  session :off #, :unless => :session_required?
  skip_before_filter :verify_authenticity_token
  before_filter :access_control_headers!

  def options
    render :text => ""
  end

  private

  def access_control_headers!
    response.headers["Access-Control-Allow-Origin"] = "*"
    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
    response.headers["Access-Control-Allow-Credentials"] = "true"
    response.headers["Access-Control-Allow-Headers"] = "Content-type"
  end

  def session_required?
    !(params[:format] == 'xml' or params[:format] == 'json')
  end
end
Use the built-in option.
env['rack.session.options'][:skip] = true
or the equivalent
request.session_options[:skip] = true
You can find the documentation for it here: https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L213
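Where the `:skip` flag has to be set relative to the session layer, as an added example that is not part of the original answer. `ToySessionCookie` is a constructed stand-in for Rack's session middleware (only its `:skip` check is modelled), and `SkipSessionForApi`, the paths and the token values are hypothetical.

```ruby
require 'uri'

# Constructed stand-in for the session middleware: it creates the options
# hash, runs the app, then consults options[:skip] before adding Set-Cookie.
class ToySessionCookie
  def initialize(app)
    @app = app
  end

  def call(env)
    env['rack.session.options'] = { :skip => false }
    status, headers, body = @app.call(env)
    unless env['rack.session.options'][:skip]
      headers = headers.merge('Set-Cookie' => '_session_id=constructed; path=/; HttpOnly')
    end
    [status, headers, body]
  end
end

# Hypothetical middleware: flags token-authenticated API requests so that no
# session cookie is emitted. It must run inside the session middleware,
# because that is where the options hash it modifies is created.
class SkipSessionForApi
  def initialize(app)
    @app = app
  end

  def call(env)
    (env['rack.session.options'] ||= {})[:skip] = true if api_request?(env)
    @app.call(env)
  end

  private

  # Mirrors the question's session_required? test (json/xml formats) and
  # also treats any request carrying an auth_token parameter as an API call.
  def api_request?(env)
    params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
    env['PATH_INFO'].to_s =~ /\.(json|xml)\z/ || params.key?('auth_token')
  end
end

APP   = lambda { |_env| [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
STACK = ToySessionCookie.new(SkipSessionForApi.new(APP))

# Returns the response headers for a constructed GET request.
def response_headers(path, query = '')
  STACK.call('REQUEST_METHOD' => 'GET', 'PATH_INFO' => path, 'QUERY_STRING' => query)[1]
end
```

In a Rails controller the same effect comes from a before filter that sets `request.session_options[:skip] = true`, since controller filters already run inside the session middleware.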