Skip to content

Instantly share code, notes, and snippets.

@inopinatus

inopinatus/verify_and_decrypt_session_cookie52.rb

Created July 29, 2018 10:12
Show Gist options
  • Star 12 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
  • Save inopinatus/e523f36b468f94cf6d34410b73fef15e to your computer and use it in GitHub Desktop.
Save inopinatus/e523f36b468f94cf6d34410b73fef15e to your computer and use it in GitHub Desktop.
Download ZIP
Decrypt Rails 5.2 session cookies
Raw
verify_and_decrypt_session_cookie52.rb
require 'cgi'
require 'active_support'
def verify_and_decrypt_session_cookie(cookie, secret_key_base = Rails.application.secret_key_base)
cookie = CGI::unescape(cookie)
salt = 'authenticated encrypted cookie'
encrypted_cookie_cipher = 'aes-256-gcm'
serializer = ActiveSupport::MessageEncryptor::NullSerializer
key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
secret = key_generator.generate_key(salt, key_len)
encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: serializer)
encryptor.decrypt_and_verify(cookie)
end
@wildjcrt
Copy link

I forked to make it work at Rails6.
https://gist.github.com/wildjcrt/6359713fa770d277927051fdeb30ebbf

@inopinatus
Copy link
Author

@wildjcrt Thank you. I wish you prosperity and a long life.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment