Given the session key and secret, how can we decrypt Rails cookies?


Problem description


I've got a question about how Rails handles cookie encryption/decryption.

I've got this in my config/environment.rb

  config.action_controller.session = {
    :session_key => [some key],
    :secret => [some secret]
  }

And this in config/environment/production.rb et al.:

  ActionController::Base.session_options[:session_domain] = [some domain]

So far, so good -- as long as all my Rails apps have the same session_key and secret, and are on the same domain, they can all use that same cookie.

However, a colleague now has a JSP application (on the same domain), with which he'd like to read the cookies I have set.

So, given a secret and an encrypted cookie value, how would we decrypt it to get the contents of that cookie?

(The docs seem to indicate this is one-way SHA1 encryption by default -- http://caboo.se/doc/classes/CGI/Session/CookieStore.html -- but then how would my Rails applications read the contents of a cookie that is one-way encrypted?)

Thanks in advance for any tips/pointers/insight,

Joe

Solution

If you pull the session.data field straight from the session data stored in your app's database (if you are using active_record_store in your environment.rb file)

  config.action_controller.session_store = :active_record_store

... here is how you decode it and return the hash:

  Marshal.load(ActiveSupport::Base64.decode64(@session.data))

... or in Rails >= 3.2 (thanks Chuck Vose)

  Marshal.load(Base64.decode64(@session.data))

It is not encrypted at all.
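
An added example, not part of the original question or answer: for the cookie-based store the question asks about, this sketch assumes the Rails 2.x CookieStore layout, a URL-escaped `base64(Marshal.dump(session))--hex HMAC-SHA1` string, so the SHA1 is a signature over a readable payload rather than encryption. The secret, session contents and helper names are constructed for illustration; the HMAC is checked before `Marshal.load` because unmarshalling unverified data is unsafe.

```ruby
require "base64"
require "openssl"
require "uri"

# Constructed sample secret; not taken from the page.
SECRET = "constructed-sample-secret-at-least-30-chars-long"

# HMAC-SHA1 over the Base64 text, keyed with the shared secret (hex output).
def session_digest(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), secret, data)
end

# Build a cookie value in the assumed layout (used here only to make sample input).
def sign_session(hash, secret)
  data = Base64.strict_encode64(Marshal.dump(hash))
  URI.encode_www_form_component("#{data}--#{session_digest(data, secret)}")
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify the signature first, and only then hand the payload to Marshal.load.
# Returns the session hash, or nil if the cookie is malformed or was modified.
def read_session(cookie, secret)
  data, digest = URI.decode_www_form_component(cookie.to_s).split("--", 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(digest, session_digest(data, secret))
  Marshal.load(Base64.decode64(data))
rescue ArgumentError # invalid %-encoding in the cookie value
  nil
end

# The payload is readable without the secret: Base64 is an encoding, not encryption.
def peek_payload(cookie)
  Base64.decode64(URI.decode_www_form_component(cookie).split("--", 2).first)
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_session({ "user_id" => 42 }, SECRET)
  p read_session(cookie, SECRET)
  p read_session(cookie, "some-other-secret")
  p peek_payload(cookie)
end
```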
