Repository is archived
No commit activity in last 3 years
No release in over 3 years
Graceful session key rotation for the signed cookie store in Rails 3.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 1.5
>= 0
>= 0

Runtime

 Project Readme

RailsSessionKeyRotator

Graceful secret key rotation for the signed cookie store in Rails. Use this when you'd rather not sign everyone out to rotate your session secret.

This gem provides a Rack middleware which will regenerate the session cookie with one generated by the new secret if it was written with the old secret. This way we don't have to monkey patch Rails internals and Rails only has to know about the new session key.

Installation

Add this line to your application's Gemfile:

gem 'rails_session_key_rotator'

And then execute:

$ bundle

Usage

In config/application.rb:

config.middleware.insert_before(ActionDispatch::Session::CookieStore, RailsSessionKeyRotator,
                               :old_secret => Secrets.old_session_secret,
                               :new_secret => Secrets.session_secret,
                               :key => 'myapp_session')

Contributing

  1. Fork it ( http://github.com/envato/rails_session_key_rotator/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request