-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rails compatibility #118
Comments
Any thoughts on this? I'm getting close to a prod release of my app and I was hoping to create a |
Thanks for all the proposals. I agree making it deserialize Rails stuff is a goal per se but we are definitely making Plug more robust with those changes. I think at the end you will likely need a custom store, even because those defaults changes with Rails versions in Rails too. :) |
Thanks @josevalim. I'll include the rest into a custom session store (the base16 rails encoding for digest and the encoding of the cookie name and value). |
@cconstantin and please publish it on github <3 |
@guilleiguaran it will be on hex |
For reference until I find the time to package this and submit to hex https://github.com/cconstantin/plug/tree/rails-session has the two changes needed to decode rails session cookies. |
Finally got around to publishing a rails compatible cookie store: |
I did a bit of work on getting plug to correctly decrypt the rails session cookies. Here are the differences between plug and rails:
MessageEncryptor
fails if salt size if higher than 32 bytes. Ruby/OpenSSL trims the key to 32 bytes.MessageEncryptor
uses a custom padding scheme, while rails/openssl uses PKCS7 padding.MessageVerifier
uses base64 encoding for digest, while rails uses base16.All but first are breaking changes. Rails compatibility is probably not a goal for plug, and it shouldn't be, but it would definitely make the migration path easier to be able to interoperate with rails.
Do you think it makes sense to make these changes in plug?
I have made the changes on a fork, and validated that I can decode/encode rails session cookies:
https://github.com/cconstantin/plug/commits/rails-compat
Cheers
The text was updated successfully, but these errors were encountered: