Forked from inopinatus/verify_and_decrypt_session_cookie52.rb
Last active
February 11, 2024 16:17
Decrypt Rails 6.0 beta session cookies
In case anyone is interested, I put together a gem that makes it easy to incorporate session cookie decryption/encryption into any Rails project: https://github.com/bgvo/rails_session_cipher
You can read about the motivation in my blog
I got this to work with Rails 7.1 by just removing the line message = ActiveSupport::Messages::Metadata.verify(cookie_payload, "decrypt"), which wasn't working since ActiveSupport::Messages::Metadata.verify no longer exists.
Also wrote a port of this in TypeScript for anyone interested: https://gist.github.com/felipecsl/a6959e54caf2e53238306e2167e90ba2
If anyone has issues decrypting cookies outside of Rails in development after updating to Rails 7.1: this might be because the location of the secret_key_base was moved from tmp/development_secret.txt to tmp/local_secret.txt, so a simple
cp tmp/development_secret.txt tmp/local_secret.txt
might fix your issues
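
The two points raised in the comments above (decrypting on Rails 7.1 without `ActiveSupport::Messages::Metadata.verify`, and the development secret moving to `tmp/local_secret.txt`) are combined in the following added example, which is not code from the gist, its fork, or Rails. It uses only Ruby's standard library and checks the cookie's purpose and expiry by hand. Assumptions not stated on the page: the cookie salt, the PBKDF2 settings, the `_rails` envelope layout, the JSON serializer, and the hypothetical helper names `dev_secret`, `decrypt_cookie` and `sample_cookie`; pass `digest: "SHA1"` for apps still on the older key-generator default.

```ruby
require "openssl"
require "base64"
require "json"
require "cgi"
require "time"

# Assumptions (not from the page): Rails' default cookie salt, 1000 PBKDF2
# rounds, AES-256-GCM, JSON serializer. Check your app's configuration.
SALT = "authenticated encrypted cookie"
SECRET_PATHS = %w[tmp/local_secret.txt tmp/development_secret.txt].freeze

# Read the development secret from whichever location exists under root.
def dev_secret(root = ".")
  path = SECRET_PATHS.map { |p| File.join(root, p) }.find { |p| File.exist?(p) }
  path ? File.read(path).strip : raise("no development secret under #{root}")
end

def cookie_key(secret, digest)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, SALT, 1000, 32, OpenSSL::Digest.new(digest))
end

# Cookie layout: URL-escaped base64(ciphertext)--base64(iv)--base64(auth_tag).
def decrypt_cookie(cookie, secret, name:, digest: "SHA256")
  data, iv, tag = CGI.unescape(cookie).split("--").map { |s| Base64.strict_decode64(s) }
  raise ArgumentError, "malformed cookie" unless tag && tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = cookie_key(secret, digest)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  meta = JSON.parse(cipher.update(data) + cipher.final).fetch("_rails")
  # Purpose and expiry are checked by hand, since no Rails helper is loaded.
  raise ArgumentError, "purpose mismatch" unless meta["pur"] == "cookie.#{name}"
  raise ArgumentError, "expired" if meta["exp"] && Time.iso8601(meta["exp"]) < Time.now
  # Older envelopes carry base64 JSON in "message"; newer ones carry "data".
  meta.key?("message") ? JSON.parse(Base64.strict_decode64(meta["message"])) : meta["data"]
end

# Constructed sample only: builds a cookie in the layout above for testing.
def sample_cookie(session, secret, name:, digest: "SHA256")
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = cookie_key(secret, digest)
  iv = cipher.random_iv
  cipher.auth_data = ""
  body = { "_rails" => { "message" => Base64.strict_encode64(JSON.generate(session)),
                         "exp" => nil, "pur" => "cookie.#{name}" } }
  data = cipher.update(JSON.generate(body)) + cipher.final
  CGI.escape([data, iv, cipher.auth_tag].map { |s| Base64.strict_encode64(s) }.join("--"))
end
```

A cookie presented under a different cookie name, or decrypted with the wrong secret, raises instead of returning data, which is the behaviour to keep when the Rails-side verification line is removed.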