I use Rails 4.0.2 and Devise 3.3.0. This application works with both Web clients and mobile clients. Web applications use sessions and mobile applications are authenticated using auth_token that is sent in params with every request.
Right now I can't find a way to prevent Rails from setting and sending cookies to mobile clients - responses always contain
Set-Cookie = request_method=GET; path=/, _myapp_session=<token...>; path=/; HttpOnly
I would highly appreciate any hints on what should I do inside my Rails Controllers by using filters or any custom rack middlewares. Also I guess that this can be solved using some custom Device strategy or something like that.
Let me know if I should provide any additional information.
Thanks.
This solution: Rails 3 disabling session cookies worked for me.
I ended up setting a middleware:
module MyApp
class MobileClientsCookieFilter
def initialize(app)
@app = app
end
def call(env)
status, headers, body = @app.call(env)
request = Rack::Request.new env
if request.params['device'].present? or any other mobile clients checks ok?
headers.delete 'Set-Cookie'
end
[status, headers, body]
end
end
end
and within application.rb
config.middleware.insert_before ::ActionDispatch::Cookies, MyApp::MobileClientsCookieFilter
Looks like similar solution is also possible: to subclass ActionDispatch::Cookies, in case of web clients do super call and do nothing there in case of mobile clients. Then to swap this custom middleware with original ActionDispatch::Cookies. Having it implemented this way no cookies would be created/generated at all for mobile clients.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.