cookies api
# :value - The cookie's value or list of values (as an array).
# :path - The path for which this cookie applies. Defaults to the root of the application.
# :domain - The domain for which this cookie applies.
# :expires - The time at which this cookie expires, as a Time object.
# :secure - Whether this cookie is only transmitted to HTTPS servers. Default is false.
# :http_only - Whether this cookie is accessible via scripting or only HTTP. Defaults to false.
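Some cookie concepts
1. A cookie can only be read from within its domain and path. For example, if the domain is set to ilake.demo.com and demo.demo.com, the two hosts cannot read each other's cookies, but if it is set to demo.com they can.
2. Anyone can write a cookie, and once it is written it is written. A cookie written over https can also be read over http, but it can be set so that only https can read it: that is the :secure option. http_only means JavaScript cannot read the cookie.
Also, with Rails cookies, subdomain_fu has some problems under a domain like localhost. Switching to a normal domain such as demo.com lets you read the cookies under that domain normally.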
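The scoping rules in points 1 and 2, as an added example that is not part of the original post or of Rails: a simplified Ruby model of the browser's decision, using the post's hostnames with constructed sample cookies. The struct and method names are hypothetical, every cookie is assumed to carry an explicit domain, and public-suffix checks are not modelled.

```ruby
# Added example: simplified model of how a browser scopes cookies.
Cookie = Struct.new(:name, :domain, :path, :secure, :http_only, keyword_init: true)

# Host matches when it equals the cookie domain or is a subdomain of it.
def domain_match?(host, cookie_domain)
  d = cookie_domain.sub(/\A\./, "").downcase
  h = host.downcase
  h == d || h.end_with?(".#{d}")
end

# Request path must equal the cookie path or sit beneath it.
def path_match?(request_path, cookie_path)
  return true if request_path == cookie_path
  return false unless request_path.start_with?(cookie_path)
  cookie_path.end_with?("/") || request_path[cookie_path.length] == "/"
end

# Would the browser attach this cookie to a request for this URL?
def sent_with_request?(cookie, scheme:, host:, path: "/")
  return false if cookie.secure && scheme != "https"
  domain_match?(host, cookie.domain) && path_match?(path, cookie.path)
end

# Can page JavaScript (document.cookie) read the cookie on this URL?
def readable_by_script?(cookie, scheme:, host:, path: "/")
  !cookie.http_only && sent_with_request?(cookie, scheme: scheme, host: host, path: path)
end

# Constructed sample cookies using the post's hostnames.
HOST_SCOPED   = Cookie.new(name: "pref", domain: "ilake.demo.com", path: "/", secure: false, http_only: false)
PARENT_SCOPED = Cookie.new(name: "pref", domain: "demo.com", path: "/", secure: false, http_only: false)
SESSION       = Cookie.new(name: "sid", domain: "demo.com", path: "/", secure: true, http_only: true)

if __FILE__ == $PROGRAM_NAME
  [["http", "ilake.demo.com"], ["http", "demo.demo.com"], ["https", "demo.demo.com"]].each do |scheme, host|
    { "HOST_SCOPED" => HOST_SCOPED, "PARENT_SCOPED" => PARENT_SCOPED, "SESSION" => SESSION }.each do |label, c|
      puts format("%-5s %-15s %-13s sent=%-5s script=%s", scheme, host, label,
                  sent_with_request?(c, scheme: scheme, host: host),
                  readable_by_script?(c, scheme: scheme, host: host))
    end
  end
end
```

A cookie scoped to demo.com reaches every subdomain, so session cookies are best given the narrowest domain that works, together with :secure and :http_only.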
