plug_rails_cookie_session_store

Issues with Rails 5.2.2

Open dyerc opened this issue 6 years ago • 3 comments

In a brand new Rails 5.2.2 app attempting to communicate with a Phoenix 1.4.0 (Cowboy 2.7.0) app I was unable to get this plug to work. After double and triple checking I had the correct environment variables I started to try and figure out where the problem might be.

In message_verifier.ex the verify function looks like it attempts to split a cookie value of something like abcdefgh--abcdef (2 segments). However, mine had 3 segments, e.g. abcdefgh--abcdef--abcdef.

I downgraded to Rails 5.0.0 and everything immediately started working so I'm guessing it must be a problem with the latest Rails version.

Has anyone else experienced the same issue?

dyerc avatar Feb 02 '19 21:02 dyerc

After further investigation the problem for me is only present in Rails >= 5.2.

5.0.x and 5.1.x all seem to work fine.

dyerc avatar Feb 02 '19 22:02 dyerc

I will have to take a look at the changes in 5.2, things like https://github.com/rails/rails/pull/28132

I'll try to find some time by end of week

cconstantin avatar Feb 06 '19 16:02 cconstantin

@CD1212 Temporary fix for Rails 5.2 is to set Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = false. I have a branch with support for AEAD encryption (default in Rails 5.2), but it fails to decrypt a session cookie generated by a new Rails 5.2. I'm not sure what I'm doing wrong; I'll get back to it later in the week. If anyone can review the code, a fresh pair of eyes might spot the issue: https://github.com/cconstantin/plug_rails_cookie_session_store/pull/15

cconstantin avatar Feb 13 '19 20:02 cconstantin
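
The two-segment versus three-segment cookie layout discussed in this thread, as an added Ruby example (not code from the plug, its pull request, or Rails itself): it classifies a cookie value by segment count and decrypts the three-segment AES-256-GCM form. The function names are hypothetical, and the salt, the PBKDF2-HMAC-SHA1 parameters, the `ciphertext--iv--auth_tag` segment order and the already URL-decoded input are assumptions based on Rails 5.2 defaults, not details stated in the thread.

```ruby
require "openssl"

# Assumed Rails 5.2 defaults (not stated in the thread): salt for AEAD cookies,
# PBKDF2-HMAC-SHA1 with 1000 iterations, 32-byte AES-256-GCM key.
AEAD_SALT = "authenticated encrypted cookie"

def derive_key(secret_key_base, salt = AEAD_SALT)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, salt, 1000, 32)
end

# Classify an already URL-decoded cookie value by its "--"-separated segments.
def cookie_format(value)
  case value.split("--").length
  when 2 then :signed_legacy   # payload--digest, the shape a 2-segment verify expects
  when 3 then :aead_gcm        # ciphertext--iv--auth_tag
  else :unknown
  end
end

# Build a cookie in the three-segment layout (hypothetical helper for the demo).
def encrypt_gcm(plaintext, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(plaintext) + cipher.final
  [data, iv, cipher.auth_tag].map { |s| [s].pack("m0") }.join("--")
end

# Decrypt and authenticate; raises on wrong segment count, bad base64 or bad tag.
def decrypt_gcm(value, key)
  parts = value.split("--")
  raise ArgumentError, "expected 3 segments, got #{parts.length}" unless parts.length == 3
  data, iv, tag = parts.map { |s| s.unpack1("m0") } # "m0" is strict base64
  raise ArgumentError, "auth tag must be 16 bytes" unless tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data) + cipher.final
end
```

Rejecting any tag shorter than 16 bytes before decryption matters on the consuming side, because GCM implementations may otherwise accept a truncated tag.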