zio-http

No way to verify cookie signature

Open govorov opened this issue 1 year ago • 1 comments

Good evening dear team,

As far as I understand, there's no clear way to verify the signature of a request cookie (as of v1.0.0.0-RC29). There's the verify method in Cookie, but it's private.

What's the right way of verifying incoming cookies then? Ideally, I'd expect the server to verify signatures during decoding (like here, for example: https://github.com/pillarjs/cookies).

Thank you.

govorov, Aug 02 '22 23:08

I think we can make the method public.

At the moment you should get a None if the signature doesn't match. Is there a use case where you would like to read cookies that aren't verified?

tusharmath, Aug 04 '22 02:08
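
The behaviour discussed in this thread (verify the signature while decoding, yield `None` on mismatch), as an added example that is not zio-http's code and not from either commenter. The `value.signature` wire format, the choice of HMAC-SHA256, and the names `SignedCookie`, `sign` and `verify` are assumptions made for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Illustration only: the "<value>.<signature>" format and all names are assumptions,
// not zio-http's Cookie implementation.
object SignedCookie {
  private val Algorithm = "HmacSHA256"

  private def hmac(secret: String, data: String): Array[Byte] = {
    val mac = Mac.getInstance(Algorithm)
    mac.init(new SecretKeySpec(secret.getBytes(UTF_8), Algorithm))
    mac.doFinal(data.getBytes(UTF_8))
  }

  /** Append an unpadded URL-safe base64 HMAC of the value. */
  def sign(secret: String, value: String): String =
    value + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(secret, value))

  /** Decode a signed cookie value; Some(value) only if the signature verifies. */
  def verify(secret: String, signed: String): Option[String] = {
    val idx = signed.lastIndexOf('.')
    if (idx < 0) None // unsigned input is rejected, never passed through
    else {
      val value = signed.substring(0, idx)
      val provided =
        try Some(Base64.getUrlDecoder().decode(signed.substring(idx + 1)))
        catch { case _: IllegalArgumentException => None } // malformed base64
      // MessageDigest.isEqual compares in constant time, avoiding a timing oracle
      provided.filter(MessageDigest.isEqual(_, hmac(secret, value))).map(_ => value)
    }
  }
}

object Demo {
  def main(args: Array[String]): Unit = {
    val secret = "constructed-demo-secret" // constructed sample key, not a real secret
    val cookie = SignedCookie.sign(secret, "user=42")
    println(SignedCookie.verify(secret, cookie))                     // untouched cookie
    println(SignedCookie.verify(secret, cookie.replace("42", "43"))) // tampered value
    println(SignedCookie.verify("other-secret", cookie))             // wrong key
    println(SignedCookie.verify(secret, "user=42"))                  // no signature at all
  }
}
```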