07-18-2023, 03:46 PM
I've got a question about how Rails handles cookie
encryption/decryption.
I've got this in my config/environment.rb:
config.action_controller.session = {
  :session_key => [some key],
  :secret => [some secret]
}
And this in config/environment/production.rb et al.:
ActionController::Base.session_options[:session_domain] = [some domain]
So far, so good -- as long as all my Rails apps have the same
session_key and secret, and are on the same domain, they can all use
that same cookie.
However, a colleague now has a JSP application (on the same domain),
with which he'd like to read the cookies I have set.
So, given a secret and an encrypted cookie value, how would we decrypt
it to get the contents of that cookie?
(The docs seem to indicate this is one-way SHA1 encryption by default --
but then how would my Rails applications read the contents of a cookie
that is one-way encrypted?)
Thanks in advance for any tips/pointers/insight,
Joe
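
Added example, not part of the post above and not Rails' own code: a sketch of reading such a cookie, assuming the Rails 2.x CookieStore layout (URL-escaped Base64 of the Marshal-dumped session, then "--", then a hex HMAC-SHA1 keyed with :secret). Under that assumption the SHA1 is a signature over a readable payload, not encryption; the helper names and sample values are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'uri'

SAMPLE_SECRET  = 'constructed-secret-for-illustration-only'  # constructed value
SAMPLE_SESSION = { :user_id => 42, 'flash' => 'hello' }      # constructed value

# Hex HMAC-SHA1 of the Base64 payload, keyed with the shared secret.
def session_digest(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Builds a cookie value in the assumed layout: escape(Base64(Marshal) + "--" + digest).
def sign_session(session, secret)
  data = Base64.strict_encode64(Marshal.dump(session))
  URI.encode_www_form_component("#{data}--#{session_digest(data, secret)}")
end

# Constant-time comparison, so the check does not leak how many characters matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the session hash, or nil if the value is malformed or the signature fails.
def read_session(cookie_value, secret)
  data, digest = URI.decode_www_form_component(cookie_value.to_s).split('--', 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(session_digest(data, secret), digest)
  # Unmarshal only after the signature verifies: Marshal.load on
  # unauthenticated input can instantiate arbitrary objects.
  Marshal.load(Base64.decode64(data))
end

if __FILE__ == $0
  cookie = sign_session(SAMPLE_SESSION, SAMPLE_SECRET)
  puts cookie
  p read_session(cookie, SAMPLE_SECRET)
end
```

A non-Ruby reader such as the JSP application can verify the HMAC the same way, but the payload is in Ruby's Marshal format and needs a parser for that format. Anyone who obtains the cookie can read its contents without the secret, so nothing confidential belongs in the session.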