diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 99c2287fcb..e4246c46b7 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -165,7 +165,7 @@ def self.build(request) host = request.host secure = request.ssl? - new(key_generator, host, secure, options_for_req(request)) + new(key_generator, host, secure, request) end def write(*) diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 8cc9b2cc36..b654078b66 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -150,7 +150,7 @@ module ChainedCookieJars # cookies.permanent.signed[:remember_me] = current_user.id # # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT def permanent - @permanent ||= PermanentCookieJar.new(self, @key_generator, @options) + @permanent ||= PermanentCookieJar.new(self, @key_generator, @request) end # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from @@ -170,10 +170,10 @@ def permanent # cookies.signed[:discount] # => 45 def signed @signed ||= - if @options[:upgrade_legacy_signed_cookies] - UpgradeLegacySignedCookieJar.new(self, @key_generator, @options) + if upgrade_legacy_signed_cookies? + UpgradeLegacySignedCookieJar.new(self, @key_generator, @request) else - SignedCookieJar.new(self, @key_generator, @options) + SignedCookieJar.new(self, @key_generator, @request) end end 
@@ -193,10 +193,10 @@ def signed # cookies.encrypted[:discount] # => 45 def encrypted @encrypted ||= - if @options[:upgrade_legacy_signed_cookies] - UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @options) + if upgrade_legacy_signed_cookies? + UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @request) else - EncryptedCookieJar.new(self, @key_generator, @options) + EncryptedCookieJar.new(self, @key_generator, @request) end end @@ -204,12 +204,18 @@ def encrypted # Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores. def signed_or_encrypted @signed_or_encrypted ||= - if @options[:secret_key_base].present? + if @request.secret_key_base.present? encrypted else signed end end + + private + + def upgrade_legacy_signed_cookies? + @request.secret_token.present? && @request.secret_key_base.present? + end end # Passing the ActiveSupport::MessageEncryptor::NullSerializer downstream @@ -219,7 +225,7 @@ def signed_or_encrypted module VerifyAndUpgradeLegacySignedMessage # :nodoc: def initialize(*args) super - @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token], serializer: ActiveSupport::MessageEncryptor::NullSerializer) + @legacy_verifier = ActiveSupport::MessageVerifier.new(@request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer) end def verify_and_upgrade_legacy_signed_message(name, signed_message) 
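Review bot: The new private `upgrade_legacy_signed_cookies?` at the end of `ChainedCookieJars` has no comment, although it now decides which jar `signed` and `encrypted` build. A line such as `# True when both the legacy secret_token and secret_key_base are configured; selects the UpgradeLegacy* jars.` would record that. The helper reads `@request`, which the module itself never assigns, so every class that includes `ChainedCookieJars` has to set it in its initializer. That requirement is worth stating in the same comment.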
@@ -248,34 +254,20 @@ class CookieJar #:nodoc: # $& => example.local DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/ - def self.options_for_req(req) #:nodoc: - { signed_cookie_salt: req.signed_cookie_salt || '', - encrypted_cookie_salt: req.encrypted_cookie_salt || '', - encrypted_signed_cookie_salt: req.encrypted_signed_cookie_salt || '', - secret_token: req.secret_token, - secret_key_base: req.secret_key_base, - upgrade_legacy_signed_cookies: req.secret_token.present? && req.secret_key_base.present?, - serializer: req.cookies_serializer, - digest: req.cookies_digest - } - end - def self.build(req, host, secure, cookies) key_generator = req.key_generator - options = options_for_req req - - new(key_generator, host, secure, options).tap do |hash| + new(key_generator, host, secure, req).tap do |hash| hash.update(cookies) end end - def initialize(key_generator, host = nil, secure = false, options = {}) + def initialize(key_generator, host = nil, secure = false, request) @key_generator = key_generator @set_cookies = {} @delete_cookies = {} @host = host @secure = secure - @options = options + @request = request @cookies = {} @committed = false end @@ -405,10 +397,10 @@ def write_cookie?(cookie) class PermanentCookieJar #:nodoc: include ChainedCookieJars - def initialize(parent_jar, key_generator, options = {}) + def initialize(parent_jar, key_generator, request) @parent_jar = parent_jar @key_generator = key_generator - @options = options + @request = request end def [](name) @@ -442,7 +434,7 @@ module SerializedCookieJars # :nodoc: protected def needs_migration?(value) - @options[:serializer] == :hybrid && value.start_with?(MARSHAL_SIGNATURE) + @request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE) end def serialize(value) @@ -462,7 +454,7 @@ def deserialize(name, value) end def serializer - serializer = @options[:serializer] || :marshal + serializer = @request.cookies_serializer || :marshal case serializer when :marshal Marshal 
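Review bot: `def initialize(key_generator, host = nil, secure = false, request)` in `CookieJar` places a required parameter after two optional ones. Ruby accepts this, but a three-argument call such as `new(key_generator, host, secure)`, which used to leave `options` at `{}`, now binds its third argument to `request`. The mistake would only surface later, when something is called on `@request`. Both callers visible in this diff pass four arguments, so dropping the defaults, `def initialize(key_generator, host, secure, request)`, would make a short call fail at the call site; callers outside the diff are not visible here.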
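Review bot: `serializer = @request.cookies_serializer || :marshal` keeps Marshal as the silent fallback when no serializer is configured, and nothing at this line says so. Marshal should never be handed unauthenticated cookie bytes, so a comment such as `# nil falls back to Marshal; the value must be verified or decrypted before it is deserialized` would keep that precondition next to the default. The `serializer` method continues past the end of this hunk, and whether the check happens before `deserialize` runs is not visible here.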
@@ -474,7 +466,7 @@ def serializer end def digest - @options[:digest] || 'SHA1' + @request.cookies_digest || 'SHA1' end end @@ -482,10 +474,10 @@ class SignedCookieJar #:nodoc: include ChainedCookieJars include SerializedCookieJars - def initialize(parent_jar, key_generator, options = {}) + def initialize(parent_jar, key_generator, request) @parent_jar = parent_jar - @options = options - secret = key_generator.generate_key(@options[:signed_cookie_salt]) + @request = request + secret = key_generator.generate_key(request.signed_cookie_salt) @verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer) end @@ -537,16 +529,16 @@ class EncryptedCookieJar #:nodoc: include ChainedCookieJars include SerializedCookieJars - def initialize(parent_jar, key_generator, options = {}) + def initialize(parent_jar, key_generator, request) if ActiveSupport::LegacyKeyGenerator === key_generator raise "You didn't set secrets.secret_key_base, which is required for this cookie jar. " + "Read the upgrade documentation to learn more about this new config option." end @parent_jar = parent_jar - @options = options - secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) - sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) + @request = request + secret = key_generator.generate_key(request.encrypted_cookie_salt || '') + sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || '') @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer) end
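Review bot: `key_generator.generate_key(request.signed_cookie_salt)` in `SignedCookieJar#initialize` no longer has the `|| ''` fallback that the removed `options_for_req` applied to `signed_cookie_salt`. `EncryptedCookieJar#initialize` in the next hunk still keeps `|| ''` on both of its salts. If the salt is unset, `generate_key` now receives nil, and what it does with nil is not visible in this diff. Either restore the old behaviour with `request.signed_cookie_salt || ''` or raise a clear configuration error, so that both jars treat a missing salt the same way.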
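Review bot: With `request.encrypted_cookie_salt || ''` and `request.encrypted_signed_cookie_salt || ''` in `EncryptedCookieJar#initialize`, an application that sets neither salt derives `secret` and `sign_secret` from the same empty salt. Assuming `generate_key` is deterministic in its salt, the encryption key and the signing key would then be identical, and nothing reports the misconfiguration. The fallback is carried over from the removed `options_for_req`, but this initializer already raises when `secret_key_base` is missing. A similar `raise` when either salt is nil would be consistent with that.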