Permalink
Browse files

Merge pull request #14431 from chancancode/warn_about_json_cookie_jars

Added a warning about serializing data with JSON cookie jars [skip ci]
  • Loading branch information...
guilleiguaran committed Mar 19, 2014
2 parents c7a307c + 3dad856 commit 0e0fc50477897c5d0d6775a7c95fa38821621d51
Showing with 48 additions and 0 deletions.
  1. +24 −0 guides/source/action_controller_overview.md
  2. +24 −0 guides/source/upgrading_ruby_on_rails.md
@@ -619,6 +619,30 @@ It is also possible to pass a custom serializer that responds to `load` and
Rails.application.config.action_dispatch.cookies_serializer = MyCustomSerializer
```
When using the `:json` or `:hybrid` serializer, you should beware that not all
Ruby objects can be serialized as JSON. For example, `Date` and `Time` objects
will be serialized as strings, and `Hash`es will have their keys stringified.
```ruby
class CookiesController < ApplicationController
def set_cookie
cookies.encrypted[:expiration_date] = Date.tomorrow # => Thu, 20 Mar 2014
redirect_to action: 'read_cookie'
end
def read_cookie
cookies.encrypted[:expiration_date] # => "2014-03-20"
end
end
```
It's advisable that you only store simple data (strings and numbers) in cookies.
If you have to store complex objects, you would need to handle the conversion
manually when reading the values on subsequent requests.
If you use the cookie session store, this would apply to the `session` and
`flash` hash as well.
Rendering XML and JSON data
---------------------------
@@ -111,6 +111,30 @@ in your application, you can add an initializer file with the following content:
This would transparently migrate your existing `Marshal`-serialized cookies into the
new `JSON`-based format.
When using the `:json` or `:hybrid` serializer, you should beware that not all
Ruby objects can be serialized as JSON. For example, `Date` and `Time` objects
will be serialized as strings, and `Hash`es will have their keys stringified.
```ruby
class CookiesController < ApplicationController
def set_cookie
cookies.encrypted[:expiration_date] = Date.tomorrow # => Thu, 20 Mar 2014
redirect_to action: 'read_cookie'
end
def read_cookie
cookies.encrypted[:expiration_date] # => "2014-03-20"
end
end
```
It's advisable that you only store simple data (strings and numbers) in cookies.
If you have to store complex objects, you would need to handle the conversion
manually when reading the values on subsequent requests.
If you use the cookie session store, this would apply to the `session` and
`flash` hash as well.
### Flash structure changes
Flash message keys are

0 comments on commit 0e0fc50

Please sign in to comment.