Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A simple script to decode Rails 4 session cookies
@jordan-brough

This comment has been minimized.

Show comment
Hide comment
@jordan-brough

jordan-brough Sep 3, 2015

This worked for me except that I didn't need the Marshal.load. It blew up with:

TypeError: incompatible marshal file format (can't be read)

The rest worked.

Also FYI the key_size variable is unused.

This worked for me except that I didn't need the Marshal.load. It blew up with:

TypeError: incompatible marshal file format (can't be read)

The rest worked.

Also FYI the key_size variable is unused.

@nvanexan

This comment has been minimized.

Show comment
Hide comment
@nvanexan

nvanexan Sep 14, 2015

I'm also getting ActiveSupport::MessageVerifier::InvalidSignature exception.

Using Rails 4.2.2.

I'm calling the method as follows:

decrypt_session_cookie(params["session_id"], ENV["SECRET_KEY_BASE"])

Where params["session_id"] is the cookie value being passed via ajax from a chrome extension to my app.

Any thoughts? Thanks in advance!

I'm also getting ActiveSupport::MessageVerifier::InvalidSignature exception.

Using Rails 4.2.2.

I'm calling the method as follows:

decrypt_session_cookie(params["session_id"], ENV["SECRET_KEY_BASE"])

Where params["session_id"] is the cookie value being passed via ajax from a chrome extension to my app.

Any thoughts? Thanks in advance!

@timscott

This comment has been minimized.

Show comment
Hide comment
@timscott

timscott Sep 15, 2015

Same experience as @jordan-brough. I removed Marshal.load and it worked.

Same experience as @jordan-brough. I removed Marshal.load and it worked.

@robvandijk

This comment has been minimized.

Show comment
Hide comment
@robvandijk

robvandijk Nov 16, 2015

@nvanexan, did you manage to get rid of the ActiveSupport::MessageVerifier::InvalidSignature exception? I also get this exception...

@nvanexan, did you manage to get rid of the ActiveSupport::MessageVerifier::InvalidSignature exception? I also get this exception...

@robvandijk

This comment has been minimized.

Show comment
Hide comment
@robvandijk

robvandijk Nov 16, 2015

Never mind @nvanexan, just figured it out. Had secret_key_base set both in a secrets.yml and in secret_token.rb, with different values, causing the confusion...

Never mind @nvanexan, just figured it out. Had secret_key_base set both in a secrets.yml and in secret_token.rb, with different values, causing the confusion...

@smoyth

This comment has been minimized.

Show comment
Hide comment
@smoyth

smoyth Jan 19, 2017

For some strange reason when I tried to copy the key from Chrome it was not copying anything after the -- at the end, and that was giving me the exception above. I ended up having to type the last 32 chars by hand! Then it worked.

smoyth commented Jan 19, 2017

For some strange reason when I tried to copy the key from Chrome it was not copying anything after the -- at the end, and that was giving me the exception above. I ended up having to type the last 32 chars by hand! Then it worked.

@talyric

This comment has been minimized.

Show comment
Hide comment
@talyric

talyric Mar 30, 2017

@robvandijk Thanks for posting about "secret_key_base set both in a secrets.yml and in secret_token.rb". That was just the clue I needed to solve a problem!

talyric commented Mar 30, 2017

@robvandijk Thanks for posting about "secret_key_base set both in a secrets.yml and in secret_token.rb". That was just the clue I needed to solve a problem!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment