A simple script to decode Rails 4 session cookies

Mehonoshin commented Aug 14, 2015

I'm getting ActiveSupport::MessageVerifier::InvalidSignature exception.
What can be the reason?

pdfrod commented Aug 26, 2015

Until a few days ago it was working fine for me, but today I also started to get that exception. It might have been related to a Rails upgrade we did recently (we're now using 4.2.3).

Eventually I figured out what changes were needed to make the script work again, and the result is here: https://gist.github.com/pdfrod/9c3b6b6f9aa1dc4726a5

mbyczkowski commented Mar 8, 2017

I was trying this with Rails 5.0.2 and I needed to trim the secret to be 32 bytes (https://gist.github.com/profh/e36e5dd0bec124fef04c#file-decode_session_cookie-rb-L21).
secret = key_generator.generate_key(salt)[0, 32]

noraworld commented Nov 5, 2017

The example cookie and key work fine, but my development cookie and key don't work properly (causing ActiveSupport::MessageVerifier::InvalidSignature or ActiveSupport::MessageVerifier::InvalidMessage).

My cookie separates into two like the following.

Cookie: _session_id=ImVhOWYwNzRhNzE0NmNkNTY3MTllNTk1NDYwOGQxNjA0Ig%3D%3D--7ea05fd744c8920020f6b4ee1580f3b9a3a8f8c6; _testapp_session=ZEZkOFhjSEhZT0FqZW52aFhUaE01eE5aY21jSU5XbVhhWTdtT0NqdkhZQ0lBWElsSC9KNEsrZFFQK0ZBczB0UmpiaWlSbnBycDFDRzFDWklPWFlJYmlOR0xaS1JuNk9uM29OUHlCOHpSa0VYckkyRmtQeFFpVE5MdVBtUFdIc29Ed0ExcE5mcEl6d2RKK3Qzb2tpSTJjaS9GZGh6bStvb0pqM3UxRmVCdFJoQ3N2alBTTWVYSHkxTDZVVjZ1bmZDcXA1OE53SURGbzJnaDNlWlVLdjBBbnN2eUlPcS8rT1N3WTRldkJaSkE2YmxGT1htTC9rVkVYbWZqWW1NcENvS1gvT2M3eVRlVklOWlpOZzJ0Q1dHb3c9PS0tNXI3bUpwSE1pK3lwdlIzQ2dhN3hjdz09--8eeb9117481adeb1d307a42bef8e81e6f3da0790

How do I decrypt this cookie?
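
Added example, not part of the gist or of any comment above: a standard-library Ruby sketch of the verify-then-decrypt steps the thread discusses, including the 32-byte key trim from mbyczkowski's comment, which is needed because current Ruby OpenSSL bindings reject a 64-byte key for aes-256-cbc. It assumes Rails 4 defaults (PBKDF2-HMAC-SHA1 with 1000 iterations, the salts "encrypted cookie" and "signed encrypted cookie", HMAC-SHA1 signing, the JSON serializer); the function names and the sample secret are hypothetical, and the cookie is constructed by the block itself.

```ruby
require "openssl"
require "base64"
require "json"
require "uri"

# Assumed Rails 4 defaults: PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte output.
def derive_key(secret_key_base, salt)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, salt, 1000, 64)
end

def hmac_hex(key, data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), key, data)
end

# Compare without stopping at the first differing byte.
def secure_compare(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify the HMAC first, then decrypt; returns the session as a Hash.
def decode_session(cookie, secret_key_base)
  enc_key  = derive_key(secret_key_base, "encrypted cookie")[0, 32] # AES-256 key is 32 bytes
  sign_key = derive_key(secret_key_base, "signed encrypted cookie")
  data, digest = URI.decode_www_form_component(cookie).split("--", 2)
  raise ArgumentError, "invalid signature" unless secure_compare(hmac_hex(sign_key, data.to_s), digest.to_s)
  ciphertext, iv = Base64.strict_decode64(data).split("--").map { |part| Base64.strict_decode64(part) }
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = enc_key
  cipher.iv = iv
  JSON.parse(cipher.update(ciphertext) + cipher.final) # assumes the JSON serializer, not Marshal
end

# Builds a constructed cookie in the same layout so the example runs offline.
def build_sample_cookie(session, secret_key_base)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = derive_key(secret_key_base, "encrypted cookie")[0, 32]
  iv = cipher.random_iv
  ciphertext = cipher.update(JSON.generate(session)) + cipher.final
  inner = [ciphertext, iv].map { |part| Base64.strict_encode64(part) }.join("--")
  data = Base64.strict_encode64(inner)
  sig = hmac_hex(derive_key(secret_key_base, "signed encrypted cookie"), data)
  URI.encode_www_form_component("#{data}--#{sig}")
end

if $PROGRAM_NAME == __FILE__
  secret = "constructed-secret-key-base" # constructed value, not a real key
  cookie = build_sample_cookie({ "session_id" => "abc123", "user_id" => 42 }, secret)
  p decode_session(cookie, secret)
end
```

A signature failure here means the signing key does not match the cookie, which is the same condition the `InvalidSignature` exception in the thread reports.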
