Skip to content

Instantly share code, notes, and snippets.

@babldev

babldev/decode_flask_cookie.py

Last active December 15, 2023 12:02
Show Gist options
  • Star 20 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
  • Save babldev/502364a3f7c9bafaa6db to your computer and use it in GitHub Desktop.
Save babldev/502364a3f7c9bafaa6db to your computer and use it in GitHub Desktop.
Download ZIP
Decode a Flask Session cookie, given the cookie and secret key
@babldev
Copy link
Author

babldev commented Mar 1, 2016

Based on https://github.com/mitsuhiko/flask/blob/84a12afd4dff0c58aceb34c7fc93e3eedbe5005f/flask/sessions.py

@aescalana
Copy link

I think it's easier and more robust to use class inheritance. Take a look at my gist:

https://gist.github.com/aescalana/7e0bc39b95baa334074707f73bc64bfe

@travisreed-wf
Copy link

itsdangerous recently switched to sha512, so depending upon which version of itsdangerous you are using you may need a hashlib.sha512 digest_method

pallets/itsdangerous@24ff676#diff-e4eb329834da3d36278b1b7d943b3bc9R11

@naamancampbell
Copy link

Current line in sessions.py still uses hashlib.sha1

https://github.com/pallets/flask/blob/96726f6a04251bde39ec802080c9008060e0b5b9/src/flask/sessions.py#L316

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment