Save the session id encrypted in a cookie. This makes it difficult for potential hackers to modify cookie contents. They will still be able to see how the session id is generated in the gem's source code, but can't guess the sequence because the session id is encrypted.
We can use encrypted cookies as Rails does by adding the logic from the Rails encrypted CookieStore.
This uses the secret_token and secret_key_base values as saved in config/initializers/secret_token.rb for encryption.

This adds quite a bit more code to the code base and requires additional testing of course. I would copy most of the tests from the Rails test suite.
Whoever wants to pick this up is free to do so :)
Extracted from #23
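
A sketch of the idea in this issue, as an added example (not code from this gem or from Rails): the session id is sealed with a key derived from the application secret, using Ruby's standard OpenSSL library with AES-256-GCM so that a modified cookie is rejected rather than decrypted to garbage. The secret, the salt label, the iteration count and the method names are assumptions made for the example.

```ruby
require "openssl"
require "base64"

# Constructed sample secret; a real app would load secret_key_base from its configuration.
SECRET_KEY_BASE = "constructed-example-secret-key-base-not-for-production"
# Hypothetical salt label, used only to separate this key from other derived keys.
SALT = "example encrypted session cookie"

# Derive a 32-byte AES key from the application secret with PBKDF2 (example iteration count).
def derive_key(secret, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 1000, 32, OpenSSL::Digest.new("SHA256"))
end

# Encrypt and authenticate the session id; returns a cookie-safe "iv.tag.ciphertext" string.
def seal_session_id(session_id, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh 12-byte nonce for every cookie
  cipher.auth_data = ""
  ciphertext = cipher.update(session_id) + cipher.final
  [iv, cipher.auth_tag, ciphertext].map { |part| Base64.urlsafe_encode64(part) }.join(".")
end

# Returns the session id, or nil when the cookie is malformed, modified,
# or was sealed under a different key.
def open_session_id(cookie, key)
  parts = cookie.to_s.split(".")
  return nil unless parts.length == 3
  iv, tag, ciphertext = parts.map { |part| Base64.urlsafe_decode64(part) }
  return nil unless iv.bytesize == 12 && tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  plain = cipher.update(ciphertext) + cipher.final # final raises if the tag does not match
  plain.force_encoding(Encoding::UTF_8)
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end
```

Encryption hides the session id from the client; it is the authentication tag that makes a flipped bit in the cookie fail, so the session lookup should treat a nil result as "no session".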