Decrypt Rails 6.0 beta session cookies
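require 'cgi'
require 'active_support'

# Verify the HMAC on an encrypted Rails session cookie, then decrypt it (AES-256-CBC).
# Returns the raw serialized payload as a string (NullSerializer does no parsing).
def verify_and_decrypt_session_cookie(session_value, secret_key_base = Rails.application.secret_key_base)
  serializer = ActiveSupport::MessageEncryptor::NullSerializer
  key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
  # Derive the 32-byte encryption key and the signing key from secret_key_base
  secret = key_generator.generate_key('encrypted cookie', 32)
  sign_secret = key_generator.generate_key("signed encrypted cookie")
  encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: serializer)
  # Cookie values arrive URL-escaped; unescape before verifying
  encryptor.decrypt_and_verify(CGI.unescape(session_value))
end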
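
The same verify-then-decrypt steps written against Ruby's standard library only, to show what the helper above relies on (an added example, not part of the original gist). It assumes the legacy ActiveSupport CBC layout `base64(base64(ciphertext)--base64(iv))--hex HMAC-SHA1` and PBKDF2-HMAC-SHA1 key derivation; `manual_decrypt`, `build_sample_cookie` and the other helper names are hypothetical, and the sample cookie is constructed.

```ruby
require "openssl"
require "uri"

# Same salts, iteration count and AES key size as the helper on this page;
# the 64-byte signing key length is an assumption (ActiveSupport's default).
def derive_keys(secret_key_base)
  enc = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, "encrypted cookie", 1000, 32)
  sig = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, "signed encrypted cookie", 1000, 64)
  [enc, sig]
end

def hmac_hex(key, data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), key, data)
end

# Constant-time comparison so the MAC check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Assumed layout: base64(base64(ciphertext)--base64(iv))--hex(HMAC-SHA1)
def manual_decrypt(cookie, secret_key_base)
  enc_key, sig_key = derive_keys(secret_key_base)
  data, digest = URI.decode_www_form_component(cookie).split("--", 2)
  # Verify the MAC before touching the ciphertext.
  valid = data && digest && secure_compare(digest, hmac_hex(sig_key, data))
  raise ArgumentError, "bad signature" unless valid
  # "m0" is strict base64 (no newlines), via pack/unpack to avoid extra requires.
  ciphertext, iv = data.unpack1("m0").split("--", 2).map { |part| part.unpack1("m0") }
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = enc_key
  cipher.iv = iv
  cipher.update(ciphertext) + cipher.final
end

# Builds a constructed sample cookie (not a real session) in the same layout.
def build_sample_cookie(plaintext, secret_key_base)
  enc_key, sig_key = derive_keys(secret_key_base)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = enc_key
  iv = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  data = [[[ciphertext].pack("m0"), [iv].pack("m0")].join("--")].pack("m0")
  URI.encode_www_form_component("#{data}--#{hmac_hex(sig_key, data)}")
end
```

A cookie whose signature does not match, or one checked against a different `secret_key_base`, is rejected before any decryption is attempted.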