Decode, and optionally verify the signature of, unencrypted Ruby on Rails cookies.
Cookie Derail


Alternative implementations require you to change the Rails app's default serialization format to something like JSON. This one does not: it uses a basic Marshal parser (hashes, arrays, strings and numbers only) written in JavaScript.

Usage

var derail = require('cookie-derail');
var token = '3d8(...snip...)3cc5';

// in an HTTP server / express / whatever connection handler
var cookie = req.cookies._app_session;

Decode a cookie, verifying it has not been tampered with using the Rails app's secret token:

var value = derail.decode(req.cookies._app_session, { secret: token });

Decode a cookie, ignoring the signature (the result is unauthenticated, so treat it as untrusted client input):

var value = derail.decode(req.cookies._app_session, { verifySignature: false });

If something goes wrong, an exception with details will be thrown.
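What the signature check amounts to, as an added example that is not cookie-derail's own code. It assumes the Rails 3 style signed cookie produced by ActiveSupport::MessageVerifier: `base64(Marshal data)--hex(HMAC-SHA1(secret token, base64 text))`. The function names, the sample secret and the sample payload are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample values: Marshal.dump({"user_id" => 1}) and a made-up secret.
const SAMPLE_SECRET = 'constructed-secret-not-a-real-token';
const SAMPLE_MARSHAL = Buffer.from('04087b0649220c757365725f6964063a0645546906', 'hex');

// HMAC-SHA1 hex digest over the base64 text (not over the decoded bytes).
function sign(data, secret) {
  return crypto.createHmac('sha1', secret).update(data).digest('hex');
}

// Hypothetical helper that builds a cookie value for the sample above.
function makeCookie(payload, secret) {
  const data = payload.toString('base64');
  return encodeURIComponent(data + '--' + sign(data, secret));
}

// Returns the Marshal bytes if the signature is valid; throws otherwise.
function verifySignedCookie(rawCookie, secret) {
  const cookie = decodeURIComponent(rawCookie); // cookie values arrive URL-encoded
  const sep = cookie.lastIndexOf('--');
  if (sep <= 0) throw new Error('malformed cookie: no "--" separator');
  const data = cookie.slice(0, sep);
  const given = Buffer.from(cookie.slice(sep + 2), 'utf8');
  const expected = Buffer.from(sign(data, secret), 'utf8');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  // The constant-time compare avoids leaking how many digest characters matched.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('signature mismatch');
  }
  // Only after the MAC checks out is the payload decoded and inspected.
  const payload = Buffer.from(data, 'base64');
  if (payload[0] !== 4 || payload[1] !== 8) throw new Error('not Marshal 4.8 data');
  return payload;
}
```

The order matters: the HMAC is checked before any byte of the payload reaches a Marshal parser, so the parser only ever sees data the Rails app itself produced.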

Tests

npm test

TODO

  • encode as well as decode
  • encrypted cookie support