Decrypt Rails 6.0 beta session cookies
```ruby
# In this version I'm explicitly specifying the serializer to test upgrading from :marshal to :hybrid or :json
require 'cgi'
require 'active_support'

# Decrypts an ActionDispatch encrypted session cookie the way Rails 6.0 does.
# Needs a booted app (rails console / rails runner) because it reads Rails.application.
# serializer: Marshal for cookies_serializer = :marshal, ActiveSupport::JSON for :json / :hybrid.
# purpose: cookies written with use_cookies_with_metadata carry "cookie.<session_key>";
#          decrypt_and_verify returns nil if the purpose is not supplied in that case.
def verify_and_decrypt_session_cookie(
  cookie,
  serializer = Marshal,
  secret_key_base = Rails.application.secret_key_base,
  purpose: nil
)
  config = Rails.application.config
  # The value is URL-escaped in the Cookie header; undo that before decoding.
  cookie = CGI.unescape(cookie)
  salt = config.action_dispatch.authenticated_encrypted_cookie_salt
  encrypted_cookie_cipher = config.action_dispatch.encrypted_cookie_cipher || 'aes-256-gcm'
  # Same derivation as Rails: PBKDF2 over secret_key_base with the cookie salt, 1000 iterations.
  key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
  key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
  secret = key_generator.generate_key(salt, key_len)
  encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: serializer)
  # Raises ActiveSupport::MessageEncryptor::InvalidMessage if the GCM auth tag does not match.
  encryptor.decrypt_and_verify(cookie, purpose: purpose)
end
```
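To see what the ActiveSupport calls above actually do, here is an added example (not the gist's code) that rebuilds the Rails 6.0 encrypted-cookie format with plain OpenSSL: PBKDF2-HMAC-SHA1 key derivation, AES-256-GCM, and the `ciphertext--iv--tag` base64 layout. The secret, salt and session payload are constructed sample values, and the metadata wrapper is left out.

```ruby
# Added example, not the gist's code: rebuild the Rails 6.0 encrypted-cookie
# format with plain OpenSSL so each step behind the gist is visible.
# Secret, salt and session payload below are constructed sample values.
require 'openssl'
require 'base64'
require 'cgi'

ITERATIONS = 1000  # iterations the gist passes to ActiveSupport::KeyGenerator
KEY_LEN    = 32    # ActiveSupport::MessageEncryptor.key_len('aes-256-gcm')

# KeyGenerator#generate_key: PBKDF2-HMAC-SHA1 over secret_key_base and the salt.
def derive_key(secret_key_base, salt)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, salt, ITERATIONS, KEY_LEN)
end

# MessageEncryptor#encrypt_and_sign for an AEAD cipher: strict-base64 ciphertext,
# iv and auth tag joined by "--"; Rails then URL-escapes it for the Set-Cookie header.
def encrypt_cookie(payload, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = ''
  ciphertext = cipher.update(payload) + cipher.final
  CGI.escape([ciphertext, iv, cipher.auth_tag].map { |p| Base64.strict_encode64(p) }.join('--'))
end

# Inverse of the above (the CGI.unescape + decrypt_and_verify path in the gist).
# Any change to ciphertext, iv or tag fails the GCM tag check and yields nil, which
# is why the serializer's load step is only ever reached for authentic cookies.
def decrypt_cookie(cookie, key)
  ciphertext, iv, tag = CGI.unescape(cookie).split('--').map { |p| Base64.strict_decode64(p) }
  return nil unless ciphertext && iv && tag && tag.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ''
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError
  nil
end

if $PROGRAM_NAME == __FILE__
  key    = derive_key('constructed-secret-key-base', 'authenticated encrypted cookie')
  cookie = encrypt_cookie('{"session_id":"constructed","user_id":42}', key)
  puts decrypt_cookie(cookie, key)                                                  # the JSON payload
  p decrypt_cookie(cookie.sub(/[A-Za-z0-9]/) { |c| c == 'A' ? 'B' : 'A' }, key)   # nil
end
```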