Why can't a Rails cookie be fully processed?

One example of a Rails 2.3.8 cookie is

BAh7BzoLZm9vYmFyaQc6D3Nlc3Npb25faWQiJWIzOTRhNGFkNDg1Mjk2NGM2NDU1Mzc4ZTM0YjkzZjE2--67046ba78aa6d656ec7c64e73aac156f5e503627

so I assume that the second part (after --) is the checksum, and if Base64 decoding is done:

$ script/console
Loading development environment (Rails 2.3.8)

 > Base64.decode64("BAh7BzoLZm9vYmFyaQc6D3Nlc3Npb25faWQiJWIzOTRhNGFkNDg1Mjk2NGM2NDU1Mzc4ZTM0YjkzZjE2")
 => "\004\b{\a:\vfoobari\a:\017session_id\"%b394a4ad4852964c6455378e34b93f16" 

 > puts Base64.decode64("BAh7BzoLZm9vYmFyaQc6D3Nlc3Npb25faWQiJWIzOTRhNGFkNDg1Mjk2NGM2NDU1Mzc4ZTM0YjkzZjE2")
{:
  foobari:session_id"%b394a4ad4852964c6455378e34b93f16

Supposedly foobar should have a value of 2, and it won't show up ... and why is there a session_id if it is based on a cookie - why should it need an id?

+5
1 answer

The code after -- is SHA, hashed with the session sequence defined in the application.

And here about the ID.

Edit:

Marshal.load(Base64.decode64("BAh7BzoLZm9vYmFyaQc6D3Nlc3Npb25faWQiJWIzOTRhNGFkNDg1Mjk2NGM2NDU1Mzc4ZTM0YjkzZjE2--67046ba78aa6d656ec7c64e73aac156f5e503627".split('--').first))

=> {:foobar=>2, :session_id=>"b394a4ad4852964c6455378e34b93f16"}
+8
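
Added example, not part of the original question or answer: the answer's one-liner unmarshals the payload without looking at the digest, so this sketch checks the part after -- first and only then calls Marshal.load. It assumes the digest is a hex HMAC-SHA1 over the Base64 payload (the digest above is 40 hex characters); EXAMPLE_SECRET, sign_session, hmac_hex, secure_equal? and verify_and_load are hypothetical names, and the secret is constructed because the page does not give the application's.

```ruby
require 'openssl'
require 'base64'

# Constructed secret for this example only; the real one lives in the app's session config.
EXAMPLE_SECRET = 'constructed-example-secret-not-from-the-page'

# The cookie quoted in the question, used here as a sample of a value we cannot verify.
PAGE_COOKIE = 'BAh7BzoLZm9vYmFyaQc6D3Nlc3Npb25faWQiJWIzOTRhNGFkNDg1Mjk2NGM2' \
              'NDU1Mzc4ZTM0YjkzZjE2--67046ba78aa6d656ec7c64e73aac156f5e503627'

# Hex HMAC-SHA1 of the Base64 payload (assumed digest scheme, see lead-in).
def hmac_hex(payload, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
end

# Produce "<base64(Marshal.dump(data))>--<digest>", the layout seen in the question.
def sign_session(data, secret)
  payload = Base64.strict_encode64(Marshal.dump(data))
  "#{payload}--#{hmac_hex(payload, secret)}"
end

# Compare digests without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash only when the digest matches; nil otherwise.
# Marshal.load is never reached for an unverified payload, because it
# rebuilds whatever objects the bytes describe.
def verify_and_load(cookie, secret)
  payload, digest = cookie.to_s.split('--', 2)
  return nil if payload.nil? || payload.empty? || digest.nil?
  return nil unless secure_equal?(digest, hmac_hex(payload, secret))
  Marshal.load(Base64.decode64(payload))
end

if __FILE__ == $PROGRAM_NAME
  session = { :foobar => 2, :session_id => 'b394a4ad4852964c6455378e34b93f16' }
  cookie = sign_session(session, EXAMPLE_SECRET)
  p verify_and_load(cookie, EXAMPLE_SECRET)       # verified with the matching secret
  p verify_and_load(PAGE_COOKIE, EXAMPLE_SECRET)  # signed with a different secret
end
```

The payload is readable by anyone who holds the cookie, as the question's Base64.decode64 call shows; the digest only prevents the client from changing it without the secret.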