Rails 3 disabling session cookies

前端未结

关注

 10  1976

梦如初夏 2020-11-30 00:06

I have RESTful API written on RoR 3. I have to make my application not to send \"Set-Cookie header\" (clients are authorizing using auth_token parameter).

I have tri

10条回答

予麋鹿 (楼主)

2020-11-30 00:48
The default CookieSessionStore doesn't send a "Set-Cookie" header unless something is added to the session. Is something in your stack writing to the session? (it's probably Devise)

session :off has been deprecated:
```
def session(*args)
  ActiveSupport::Deprecation.warn(
    "Disabling sessions for a single controller has been deprecated. " +
    "Sessions are now lazy loaded. So if you don't access them, " +
    "consider them off. You can still modify the session cookie " +
    "options with request.session_options.", caller)
end
```
If something in your stack is setting session info, you can clear it using session.clear like so:
```
after_filter :clear_session

def clear_session
  session.clear
end
```
Which will prevent the Set-Cookie header from being sent
0 讨论(0)

查看其它10个回答
发布评论:

提交评论
- 加载中...