encrypted_cookie icon indicating copy to clipboard operation
encrypted_cookie copied to clipboard
verified publisher icon cvonkleist

Support secret rotation

Open danp opened this issue 12 years ago • 4 comments

Rack::Session::Cookie supports an :old_secret which allows for graceful secret rotation without breaking existing sessions. Would be great if EncryptedCookie supported something similar.

cc @tmaher

danp avatar Oct 16 '13 15:10 danp

:+1:

I almost implemented this when I wrote the fixes to the crypto, but in the end, didn't have the time.

namelessjon avatar Oct 17 '13 13:10 namelessjon

Cool, I might take a stab at it if I get time.

danp avatar Oct 17 '13 14:10 danp

+1

mkristian avatar Feb 21 '14 12:02 mkristian

Alternative solution

It's built on top of Rack::Session::Cookie, and you can do this:

use Rack::Session::EncryptedCookie, secret: 'test2', old_secret: 'test'

tonytonyjan avatar Dec 05 '16 15:12 tonytonyjan