Permalink
Browse files

Migrate hash-based cookie values correctly

  • Loading branch information...
1 parent 0b86a6e commit 7a3ef9842b3cbfe6dbe14700086824d163ce4d51 @chancancode chancancode committed Feb 11, 2014
Showing with 4 additions and 2 deletions.
  1. +4 −2 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -181,7 +181,7 @@ def initialize(*args)
def verify_and_upgrade_legacy_signed_message(name, signed_message)
@legacy_verifier.verify(signed_message).tap do |value|
- self[name] = value
+ self[name] = { value: value }
@chancancode
chancancode Feb 11, 2014 Member

@guilleiguaran do you know if hash values in signed cookies are supported? e.g.

cookies.signed[:some_key] = { value: { "some": "hash" } }

Currently, this doesn't migrate correctly, because when you assign a Hash to self[name] it gets treated differently, so verify_and_upgrade_legacy_signed_message would actually nullify any hash-based values 😓

The session "hash" escapes this narrowly because it's not actually a Hash...

This change would fix that, if it's supported.

end
rescue ActiveSupport::MessageVerifier::InvalidSignature
nil
@@ -412,7 +412,9 @@ def serialize(name, value)
def deserialize(name, value)
if value
if needs_migration?(value)
- self[name] = Marshal.load(value)
+ Marshal.load(value).tap do |value|
+ self[name] = { value: value }
+ end
else
serializer.load(value)
end

0 comments on commit 7a3ef98

Please sign in to comment.