rails compatibility #118
Comments
|
Any thoughts on this? I'm getting close to a prod release of my app and I was hoping to create a |
|
Thanks for all the proposals. I agree making it deserialize Rails stuff is a goal per se but we are definitely making Plug more robust with those changes. I think at the end you will likely need a custom store, even because those defaults changes with Rails versions in Rails too. :) |
|
Thanks @josevalim. I'll include the rest into a custom session store (the base16 rails encoding for digest and the encoding of the cookie name and value). |
|
@cconstantin and please publish it on github <3 |
|
@guilleiguaran it will be on hex |
|
For reference until I find the time to package this and submit to hex https://github.com/cconstantin/plug/tree/rails-session has the two changes needed to decode rails session cookies. |
|
Finally got around to publishing a rails compatible cookie store: |
I did a bit of work on getting plug to correctly decrypt the rails session cookies. Here are the differences between plug and rails:
MessageEncryptorfails if salt size if higher than 32 bytes. Ruby/OpenSSL trims the key to 32 bytes.MessageEncryptoruses a custom padding scheme, while rails/openssl uses PKCS7 padding.MessageVerifieruses base64 encoding for digest, while rails uses base16.All but first are breaking changes. Rails compatibility is probably not a goal for plug, and it shouldn't be, but it would definitely make the migration path easier to be able to interoperate with rails.
Do you think it makes sense to make these changes in plug?
I have made the changes on a fork, and validated that I can decode/encode rails session cookies:
https://github.com/cconstantin/plug/commits/rails-compat
Cheers
The text was updated successfully, but these errors were encountered: