Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
A simple script to decode Rails 4 session cookies

This worked for me except that I didn't need the Marshal.load. It blew up with:

TypeError: incompatible marshal file format (can't be read)

The rest worked.

Also FYI the key_size variable is unused.

I'm also getting ActiveSupport::MessageVerifier::InvalidSignature exception.

Using Rails 4.2.2.

I'm calling the method as follows:

decrypt_session_cookie(params["session_id"], ENV["SECRET_KEY_BASE"])

Where params["session_id"] is the cookie value being passed via ajax from a chrome extension to my app.

Any thoughts? Thanks in advance!

Same experience as @jordan-brough. I removed Marshal.load and it worked.

@nvanexan, did you manage to get rid of the ActiveSupport::MessageVerifier::InvalidSignature exception? I also get this exception...

Never mind @nvanexan, just figured it out. Had secret_key_base set both in a secrets.yml and in secret_token.rb, with different values, causing the confusion...

For some strange reason when I tried to copy the key from Chrome it was not copying anything after the -- at the end, and that was giving me the exception above. I ended up having to type the last 32 chars by hand! Then it worked.

talyric commented Mar 30, 2017

@robvandijk Thanks for posting about "secret_key_base set both in a secrets.yml and in secret_token.rb". That was just the clue I needed to solve a problem!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment