Rack::Session::Cookie no longer round-trips with JSON coder #1666
Comments
I agree that this is a bug. I have a local fix for it, now just need to add a test and then I'll submit a pull request.
jeremyevans added a commit to jeremyevans/rack that referenced this issue May 28, 2020
…se64::{JSON,Zip} This is an issue because SessionId doesn't round trip through JSON. However, it probably has the same security issue as before SessionId was introduced. It may be better to eliminate the session id completely for cookie sessions, since there is no reason cookie sessions need an id (an id is only needed for memcache/memory/database sessions). Fixes rack#1666
I'm upgrading an application currently using Rack 1.6.11 to the latest Rack 2.2.2. I'm running into an issue with Rack::Session::Cookie configured with coder: Rack::Session::Cookie::Base64::JSON.new:

I've reduced this down to:

This worked fine with 1.6.11 (and presumably before, although I haven't tested), and with 2.0.1 through 2.0.7.

1.6.12 and 1.6.13 fail because the json library used (OkJson) refuses to encode Rack::Session::SessionId.

2.0.8 fails with RuntimeError and no message.

2.0.9 is the start of the NoMethodError: undefined method 'public_id' error.
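Why an id object does not survive a JSON coder, and where the NoMethodError on public_id comes from, as an added Ruby example that is not part of the issue or of Rack's code. DemoSessionId, DemoJSONCoder and IdAwareCoder are hypothetical stand-ins, and the wrapper shows one possible workaround, not the fix that was committed.

```ruby
require "json"

# Stand-in id wrapper (hypothetical; not Rack's own SessionId class).
class DemoSessionId
  attr_reader :public_id
  def initialize(public_id)
    @public_id = public_id
  end
end

# Stand-in Base64+JSON coder with the encode/decode shape of a cookie coder.
class DemoJSONCoder
  def encode(obj)
    [JSON.generate(obj)].pack("m0")   # strict Base64, no newlines
  end
  def decode(str)
    JSON.parse(str.unpack1("m0"))
  end
end

# Wrapper: store the id as its plain string, re-wrap it after decoding.
class IdAwareCoder
  def initialize(coder, key = "session_id")
    @coder = coder
    @key = key
  end
  def encode(session)
    data = session.dup                # do not mutate the caller's hash
    id = data[@key]
    data[@key] = id.public_id if id.respond_to?(:public_id)
    @coder.encode(data)
  end
  def decode(str)
    data = @coder.decode(str)
    id = data[@key]
    data[@key] = DemoSessionId.new(id) if id.is_a?(String)
    data
  end
end

def round_trip(coder, session)
  coder.decode(coder.encode(session))
end

# Constructed sample session.
SAMPLE = { "session_id" => DemoSessionId.new("abc123"), "user" => "alice" }
naive = round_trip(DemoJSONCoder.new, SAMPLE)   # id comes back as a String
aware = round_trip(IdAwareCoder.new(DemoJSONCoder.new), SAMPLE)
puts naive["session_id"].class, aware["session_id"].public_id
```

With the plain coder the id is serialized through to_s and comes back as a String, so any later call to public_id on it raises NoMethodError.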