
Results 8 rack-session issues

Add clarity for Issue #42 by documenting that partitioned can be passed when setting up Persisted sessions. Sets a default of false to partitioned in DEFAULT_OPTIONS. Will only be active...

We use the session cookie to maintain state between a front end and the back end running Rails. The front end and back end are typically running on different hosts....

Right now, unless it is ssl, you can't send a secure session cookie. It is perfectly valid to do this for localhost, and very desirable for development. In lib/rack/session/abstract/id.rb, I...

Hi, I was trying to use the JSON serializer and ran into trouble when trying to put an emoji into the session (in real life, this is more likely to...

This default value https://github.com/rack/rack-session/blob/7a4e2dd5625b141e68bb35ecbca2ecae87155c76/lib/rack/session/constants.rb#L9 https://github.com/rack/rack-session/blob/7a4e2dd5625b141e68bb35ecbca2ecae87155c76/lib/rack/session/abstract/id.rb#L241 isn't used when configuring the `Encryptor` class: https://github.com/rack/rack-session/blob/7a4e2dd5625b141e68bb35ecbca2ecae87155c76/lib/rack/session/cookie.rb#L163-L165 `use Rack::Session::Cookie` and `Rack::Session::Cookie, key: "rack.session"` are the same, both give you a session cookie with key...

Does it make sense to be able to silence this logging or make it opt-in? https://github.com/rack/rack-session/blob/d2f080c243cac167fc5176c5cf869e23fe7f6ec6/lib/rack/session/cookie.rb#L223-L224 Maybe behind `$VERBOSE` as done here? https://github.com/rack/rack-session/blob/d2f080c243cac167fc5176c5cf869e23fe7f6ec6/lib/rack/session/abstract/id.rb#L397 Looks like it can log the following...

This is a follow-up on #39 that must be merged first. I deliberately avoided allowing `Marshal` serialization in the v2 encryptor because 1) `Marshal` has been a source of RCE...