Create a gist now

Instantly share code, notes, and snippets.

A simple script to decode Rails 4 session cookies
@jordan-brough

This worked for me except that I didn't need the Marshal.load. It blew up with:

TypeError: incompatible marshal file format (can't be read)

The rest worked.

Also FYI the key_size variable is unused.

@nvanexan

I'm also getting ActiveSupport::MessageVerifier::InvalidSignature exception.

Using Rails 4.2.2.

I'm calling the method as follows:

decrypt_session_cookie(params["session_id"], ENV["SECRET_KEY_BASE"])

Where params["session_id"] is the cookie value being passed via ajax from a chrome extension to my app.

Any thoughts? Thanks in advance!

@timscott

Same experience as @jordan-brough. I removed Marshal.load and it worked.

@robvandijk

@nvanexan, did you manage to get rid of the ActiveSupport::MessageVerifier::InvalidSignature exception? I also get this exception...

@robvandijk

Never mind @nvanexan, just figured it out. Had secret_key_base set both in a secrets.yml and in secret_token.rb, with different values, causing the confusion...

@hooverlunch

For some strange reason when I tried to copy the key from Chrome it was not copying anything after the -- at the end, and that was giving me the exception above. I ended up having to type the last 32 chars by hand! Then it worked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment