Relationship between Rails cookie, Cookie HTTP header, and document.cookie

When I access document.cookie in JavaScript, it pops up, say:

 'user_credentials=5beea8874f2db9feb873828' 

In principle, some kind of encoded information. Good.

When I look at the headers, I see that the same line is set to user_credentials, but there is another value for _myapplication_session=BAh7CiIQX. Unlike user_credentials, this includes capital letters and letters after F.

So:

  • What is _myapplication_session? Is this related to the session object in Rails?
  • Why is _myapplication_session not showing with JavaScript document.cookie?
+7
1 answer

What is _myapplication_session? Is this related to the session object in Rails?

Yes, that's how Rails identifies user sessions.

Why can't _myapplication_session show using document.cookie with JavaScript?

I believe that Rails sets httponly=>true on session cookies, which means that they (usually) are not available using client scripts, as described in this SO topic.

+6
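
The behaviour described in the answer, as an added example that is not part of the original thread: a small model of which cookies from a response's Set-Cookie headers a page script can read through document.cookie, which also works as a check for cookies missing HttpOnly. The header attributes and the function names are assumptions, and the model assumes every cookie matches the page's path and domain and has not expired.

```javascript
// Constructed sample Set-Cookie headers. Names and truncated values are the
// ones quoted in the question; the attributes are assumed for illustration.
const sampleHeaders = [
  "user_credentials=5beea8874f2db9feb873828; path=/",
  "_myapplication_session=BAh7CiIQX; path=/; HttpOnly",
];

// Parse one Set-Cookie header value into name, value and an attribute map.
// Attribute names are case-insensitive, so keys are lower-cased.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Cookies a script can read: every parsed cookie without the HttpOnly flag.
function scriptReadable(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c !== null && !("httponly" in c.attributes));
}

// The string document.cookie would return under this model.
function scriptVisibleCookies(headers) {
  return scriptReadable(headers)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Audit view: names of cookies exposed to any script running in the page.
function cookiesMissingHttpOnly(headers) {
  return scriptReadable(headers).map((c) => c.name);
}

console.log("document.cookie:", scriptVisibleCookies(sampleHeaders));
console.log("missing HttpOnly:", cookiesMissingHttpOnly(sampleHeaders));
```

Both cookies are still sent back to the server in the Cookie request header; HttpOnly only removes the session cookie from what script can read.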