@profh
Last active June 23, 2021 13:25
A simple script to decode Rails 4 session cookies

tiwi commented Feb 12, 2020

I mocked Rails behavior from ActionDispatch::Cookies:

require "ostruct" # provides OpenStruct

# Settings that ActionDispatch::Cookies reads from the request env
env = {
  "action_dispatch.signed_cookie_salt" => Rails.application.config.action_dispatch.signed_cookie_salt,
  "action_dispatch.encrypted_cookie_salt" => Rails.application.config.action_dispatch.encrypted_cookie_salt,
  "action_dispatch.encrypted_signed_cookie_salt" => Rails.application.config.action_dispatch.encrypted_signed_cookie_salt,
  "action_dispatch.secret_key_base" => Rails.application.secrets.secret_key_base,
  "action_dispatch.cookies_serializer" => Rails.application.config.action_dispatch.cookies_serializer,
  "action_dispatch.key_generator" => Rails.application.key_generator
}
# Minimal stand-in for the request object that CookieJar.build expects
mock_request = OpenStruct.new
mock_request.env = env
mock_request.cookies = cookies # should be a hash (cookie name => raw cookie value)
jar = ActionDispatch::Cookies::CookieJar.build(mock_request)
# The session cookie is stored under the app's configured session key
app_cookies_key = Rails.application.config.session_options[:key]
jar.encrypted[app_cookies_key] # decrypted and verified session contents
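
What `jar.encrypted[...]` does internally for a Rails 4 encrypted session cookie, as an added example that is not part of the gist or of the comment above: a stand-alone Ruby decoder that verifies the HMAC before decrypting. It assumes the default salts, the `:json` cookies serializer and AES-256-CBC with HMAC-SHA1; `decode_session`, `encode_session`, `derive_key` and `secure_compare` are hypothetical names, and `encode_session` exists only to build a constructed sample cookie offline.

```ruby
require "openssl"
require "json"
require "uri"

# Assumed Rails 4 defaults: PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte derived keys.
ENC_SALT  = "encrypted cookie"
SIGN_SALT = "signed encrypted cookie"

def derive_key(secret_key_base, salt)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, salt, 1000, 64)
end

# Constant-time comparison so the MAC check does not reveal a matching prefix.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil when the cookie is malformed or fails verification.
def decode_session(cookie, secret_key_base)
  payload, digest = URI.decode_www_form_component(cookie).split("--", 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA1", derive_key(secret_key_base, SIGN_SALT), payload)
  return nil unless secure_compare(expected, digest) # verify before decrypting

  data, iv = payload.unpack1("m0").split("--", 2).map { |part| part.unpack1("m0") }
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = derive_key(secret_key_base, ENC_SALT)[0, 32] # AES-256 uses the first 32 bytes
  cipher.iv  = iv
  JSON.parse(cipher.update(data) + cipher.final) # assumes the :json serializer
rescue ArgumentError, TypeError, OpenSSL::Cipher::CipherError, JSON::ParserError
  nil
end

# Builds a cookie in the same layout, only to produce a constructed sample.
def encode_session(hash, secret_key_base)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = derive_key(secret_key_base, ENC_SALT)[0, 32]
  iv = cipher.random_iv
  data = cipher.update(JSON.generate(hash)) + cipher.final
  payload = ["#{[data].pack('m0')}--#{[iv].pack('m0')}"].pack("m0")
  digest = OpenSSL::HMAC.hexdigest("SHA1", derive_key(secret_key_base, SIGN_SALT), payload)
  URI.encode_www_form_component("#{payload}--#{digest}")
end
```

Apps still on the `:marshal` serializer store a Marshal dump instead of JSON, so the final parse step differs there and must only ever run on data whose HMAC has already verified.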
