While I was dealing with cookies the other day, came across the commit https://github.com/rails/rails/commit/2d5a12a50bcd83fcc99865de759b82e661b28698
Currently, the prerequisites of writing cookie are following:
request.ssl? # SSL request
!cookie[:secure] # No secure flag
Rails.env.development? # Development environment
The first two conditions are easily understandable. However the last one is a bit confusing. In development environment, it allows to write cookie, while no in other environments. Upon writing cookies - such general behavior, discrepancy across environments should be smoothed.
If we want to control the behavior of writing cookie, use this configuration directive
config.always_write_cookie, however it’s not showing up in any docs.
My plan is to remove
Rails.env.development? check and add
config.always_write_cookie into docs, so that the behavior can be controlled in certain cases.
Related source files:
See my commit: https://github.com/hlcfan/rails/commit/8fb37e6b1f2ec5d417fa2963c2962ee21c6a9d51. Please let me know your thoughts, thanks!