Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Rack middleware for authenticating requests using a cookie as a simple token

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib
Octocat-spinner-32 test
Octocat-spinner-32 .gitignore
Octocat-spinner-32 .rvmrc
Octocat-spinner-32 CHANGES
Octocat-spinner-32 Gemfile
Octocat-spinner-32 Gemfile.lock
Octocat-spinner-32 MANIFEST
Octocat-spinner-32 README
Octocat-spinner-32 Rakefile
Octocat-spinner-32 rack-auth-cookie.gemspec
README
= Description
The rack-cookie library is a Rack library that uses a cookie as a token to
authenticate requests from users that have authenticated earlier using some
other method.

= Prerequisites
rack 1.0.0 or later

= Usage
use "Rack::Auth::Cookie", :secret => "foo", :cookie_name => "my_authentication_cookie"

= Default Fields
The default value for cookie_name is "auth_token"

= Details
The "secret" option works exactly as in Rails session cookies. This should be
set to a hard-to-guess value (not "foo"!) to protect against cookie forgery.

This rack library only handles requests that contain a cookie named "auth_token"
(or whatever name was passed as the :cookie_name option). If that is not present,
the request is forwarded normally with no changes to the environment.

If the cookie is detected, then it is checked for validity. If valid, then the values
stored in the cookie (such as 'AUTH_USER') are copied from the cookie into the
environment. If invalid, then env['AUTH_USER'] is deleted and env['AUTH_FAIL'] is set to
an error message explaining what went wrong.

Note that if env['AUTH_USER'] or env['AUTH_FAIL'] are already set, then the
request is forwarded normally with no changes to the environment.

= Authors
Daniel Berger
Charlie O'Keefe
Something went wrong with that request. Please try again.