On Encrypted Cookie Sessions
June 16, 2011 § 1 Comment
Once I had finished up with the encrypted-cookie gem, it seemed like a natural extension to convert it into a Rails 3 session store. It operates just like the basic cookie session store, just using an encrypted cookie instead of a signed cookie. It uses the
encrypted-cookie gem, so all the encryption is provided by ActiveSupport::MessageEncryptor. To start using it add the following to your Gemfile:
And change your session store in config/initializers/session_store.rb
AppName::Application.config.session_store :encrypted_cookie_store, :key => '_app_name_session'
The dependencies will include the
encrypted-cookie gem for you. Accessing the session is the same as always:
session[:tid_bit] = "of information" session[:tid_bit] # => "of information"
You can check out the source over on github.
Currently this only works with Rails 3.0.*. All of the session code got switched up for Rails 3.1, so it’s going to take some extra work to get it working for the new release of Rails. Update June 18: Got it working with Rails 3.1. Yay conditional method definitions!!! Sigh…
[…] you should leave to the experts. Encryption is one of them. When I wrote my encrypted cookies and encrypted cookie sessions gems, one of the the things I didn’t want to do was write any sort of encryption routines. […]