session cookie decrypter for Rails 5.1
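```ruby
require 'cgi'
require 'json'
require 'active_support'

# Verifies the signature on a Rails 5.1 session cookie, then decrypts it.
# decrypt_and_verify raises if the signature does not verify.
def verify_and_decrypt_session_cookie(cookie, secret_key_base = Rails.application.secrets.secret_key_base)
  cookie = CGI.unescape(cookie)
  salt = 'encrypted cookie'
  signed_salt = 'signed encrypted cookie'
  # Both keys are derived from secret_key_base, one per salt.
  key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
  secret = key_generator.generate_key(salt)[0, ActiveSupport::MessageEncryptor.key_len]
  sign_secret = key_generator.generate_key(signed_salt)
  # MessageEncryptor deserializes with Marshal unless a serializer is passed;
  # an app configured with cookies_serializer = :json needs `serializer: JSON` here.
  encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
  encryptor.decrypt_and_verify(cookie)
end

# Usage:
# cookie = "<the value to the right of `_server_session=`>"
# verify_and_decrypt_session_cookie(cookie)
```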
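The same verify-then-decrypt steps written against Ruby's standard library only, as an added example that is not part of the original gist. It assumes the Rails 5.1 defaults (PBKDF2-HMAC-SHA1 key derivation, AES-256-CBC, HMAC-SHA1 signature) and the JSON cookie serializer; `derive_key`, `secure_equal?`, `decode_session_cookie` and `encode_session_cookie` are names chosen for this example.

```ruby
require 'openssl'
require 'json'
require 'uri'

# Assumed Rails 5.1 defaults (not stated on the page): PBKDF2-HMAC-SHA1 with a
# 64-byte output, AES-256-CBC, HMAC-SHA1 signature, JSON cookie serializer.
def derive_key(secret_key_base, salt, len = 64)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, salt, 1000, len)
end

# Compares two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil when the signature does not verify.
def decode_session_cookie(cookie, secret_key_base)
  signed, _, digest = URI.decode_www_form_component(cookie).rpartition('--')
  sign_secret = derive_key(secret_key_base, 'signed encrypted cookie')
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), sign_secret, signed)
  return nil unless secure_equal?(digest, expected) # verify before decrypting

  # The signed part is Base64("<Base64 ciphertext>--<Base64 IV>").
  ciphertext, iv = signed.unpack1('m').split('--').map { |part| part.unpack1('m') }
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key = derive_key(secret_key_base, 'encrypted cookie')[0, 32]
  cipher.iv = iv
  JSON.parse(cipher.update(ciphertext) + cipher.final)
end

# Builds a cookie in the same layout; used only to produce constructed sample input.
def encode_session_cookie(session, secret_key_base)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = derive_key(secret_key_base, 'encrypted cookie')[0, 32]
  iv = cipher.random_iv
  encrypted = cipher.update(JSON.generate(session)) + cipher.final
  signed = [[encrypted, iv].map { |part| [part].pack('m0') }.join('--')].pack('m0')
  sign_secret = derive_key(secret_key_base, 'signed encrypted cookie')
  digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), sign_secret, signed)
  URI.encode_www_form_component("#{signed}--#{digest}")
end
```

A cookie signed under a different `secret_key_base`, or altered in transit, fails the HMAC check and is never passed to the cipher.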
@9mm 9mm commented Jul 1, 2018

How do you handle Rails.application.secrets.secret_key_base being nil in development? (for new rails 5.2)