[ActionDispatch] Don't preset `config.action_dispatch.always_write_cookie` based on environment while initializing app

While I was dealing with cookies the other day, came across the commit https://github.com/rails/rails/commit/2d5a12a50bcd83fcc99865de759b82e661b28698

Currently, the prerequisites of writing cookie are following:

  • request.ssl? # SSL request

  • !cookie[:secure] # No secure flag

  • Rails.env.development? # Development environment

The first two conditions are easily understandable. However the last one is a bit confusing. In development environment, it allows to write cookie, while no in other environments. Upon writing cookies - such general behavior, discrepancy across environments should be smoothed.

If we want to control the behavior of writing cookie, use this configuration directive config.always_write_cookie, however it’s not showing up in any docs.

My plan is to remove Rails.env.development? check and add config.always_write_cookie into docs, so that the behavior can be controlled in certain cases.

Related source files:

See my commit: https://github.com/hlcfan/rails/commit/8fb37e6b1f2ec5d417fa2963c2962ee21c6a9d51. Please let me know your thoughts, thanks!