No commit activity in last 3 years
No release in over 3 years
There's a lot of open issues
Encrypted session cookies for Rack
 Dependencies

Development

~> 0.6.2
~> 2.14.1
~> 1.3.4

Runtime

>= 1.1, < 3
 Project Readme

Encrypted session cookies for Rack (and therefore Sinatra)

The encrypted_cookie gem provides 256-bit-AES-encrypted, tamper-proof cookies for Rack through the class Rack::Session::EncryptedCookie.

How to use encrypted_cookie

$ gem install encrypted_cookie

Sinatra example:

require 'sinatra'
require 'encrypted_cookie'

use Rack::Session::EncryptedCookie,
  :secret => 'TYPE_YOUR_LONG_RANDOM_STRING_HERE' # * see the note on :secret below

get '/' do
  session[:foo] = 'bar'
  "session: " + session.inspect
end

* Your :secret must be at least 32 bytes long and should be really random. Don't use a password or passphrase, generate something random (see below).

Encryption and integrity protection

The cookie is encrypted with 256-bit AES in CBC mode (with a random IV). The encrypted cookie is then signed with an HMAC, to prevent tampering and chosen-ciphertext attacks. Any attempt at tampering with the cookie will reset the user's session to {} (empty hash).
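To make the scheme concrete, here is an added, self-contained encrypt-then-MAC seal/unseal in Ruby that follows the description above (AES-256-CBC with a random IV, then an HMAC over the ciphertext, with any tampering yielding {}). It is illustrative code, not the gem's own implementation; the CookieSeal module name, the HMAC-SHA256 key splitting and the JSON payload encoding are assumptions made for the example.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Illustrative encrypt-then-MAC session cookie in the scheme the README
# describes (AES-256-CBC, random IV, HMAC over the ciphertext). Not the
# gem's own code; key splitting with HMAC-SHA256 is an assumption.
module CookieSeal
  IV_LEN = 16   # AES block size
  MAC_LEN = 32  # HMAC-SHA256 output size

  # Separate encryption and MAC keys derived from one >=32-byte secret.
  def self.keys(secret)
    raise ArgumentError, 'secret must be at least 32 bytes' if secret.bytesize < 32
    %w[encryption integrity].map { |label| OpenSSL::HMAC.digest('SHA256', secret, label) }
  end

  # Constant-time comparison so MAC checking does not leak timing.
  def self.constant_time_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end

  def self.seal(session, secret)
    enc_key, mac_key = keys(secret)
    cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
    cipher.key = enc_key
    iv = cipher.random_iv  # fresh IV per cookie, prepended to the ciphertext
    ciphertext = iv + cipher.update(JSON.generate(session)) + cipher.final
    mac = OpenSSL::HMAC.digest('SHA256', mac_key, ciphertext)
    Base64.strict_encode64(ciphertext + mac)
  end

  # Any tampering (or garbage) yields {} instead of an error, as the README states.
  def self.unseal(cookie, secret)
    enc_key, mac_key = keys(secret)
    blob = Base64.decode64(cookie)  # lenient decode; structure is checked below
    return {} if blob.bytesize < IV_LEN + MAC_LEN
    ciphertext, mac = blob[0...-MAC_LEN], blob[-MAC_LEN..]
    # Verify the MAC before touching the ciphertext (no padding-oracle surface).
    return {} unless constant_time_eq(mac, OpenSSL::HMAC.digest('SHA256', mac_key, ciphertext))
    decipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
    decipher.key = enc_key
    decipher.iv = ciphertext[0, IV_LEN]
    JSON.parse(decipher.update(ciphertext[IV_LEN..]) + decipher.final)
  rescue OpenSSL::Cipher::CipherError, JSON::ParserError
    {}
  end
end
```

Because the MAC is checked first, a modified IV, ciphertext or MAC never reaches the decryptor, which is what makes the "reset to {}" behaviour safe against chosen-ciphertext probing.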

Generating a good secret

Run this in a terminal and paste the output into your script:

$ ruby -rsecurerandom -e "puts SecureRandom.hex(32)"

Developing

To get the specs running:

$ cd path-to-clone
$ gem install bundler # if not already installed
$ bundle install
$ bundle exec rspec

Thanks