abdullah/til
1
0
Fork 0
mirror of https://github.com/jbranchaud/til synced 2026-01-03 07:08:01 +00:00
Code Issues Projects Releases Wiki Activity

Add Verify And Read A Signed Cookie Value as a rails til

Browse Source
This commit is contained in:
jbranchaud
2020-12-08 00:32:06 -06:00
parent 7e81696c52
commit 1f9f102831
2 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -9,7 +9,7 @@ and pairing with smart people at Hashrocket.
For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud).
_971 TILs and counting..._
_972 TILs and counting..._
---
@@ -645,6 +645,7 @@ _971 TILs and counting..._
- [Truncate Almost All Tables](rails/truncate-almost-all-tables.md)
- [Update Column Versus Update Attribute](rails/update-column-versus-update-attribute.md)
- [Upgrading Your Manifest For Sprocket's 4](rails/upgrading-your-manifest-for-sprockets-4.md)
- [Verify And Read A Signed Cookie Value](rails/verify-and-read-a-signed-cookie-value.md)
- [Where Am I In The Partial Iteration?](rails/where-am-i-in-the-partial-iteration.md)
- [Wipe Out All Precompiled Assets](rails/wipe-out-all-precompiled-assets.md)
- [Write Reversible Migration To Set Default](rails/write-reversible-migration-to-set-default.md)

40
rails/verify-and-read-a-signed-cookie-value.md Normal file
View File

@@ -0,0 +1,40 @@
# Verify And Read A Signed Cookie Value
Let's say a value was added as a [signed
cookie](https://apidock.com/rails/ActionDispatch/Cookies/CookieJar/signed) in a
request:
```ruby
cookies.signed[:discount] = 45
#=> Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
```
Generally to verify and read that value, you'd grab it from the signed cookies
included in the request.
```ruby
cookies.signed[:discount]
#=> 45
```
What if you have the signed cookie value, but not in the context of a `cookies`
object?
You can build a cookie jar from the current request and read the verified value
from that.
```ruby
cookie_value = 'BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7'
cookie_hash = { discount: cookie_value }
cookie_jar = ActionDispatch::Cookies::CookieJar.build(request, cookie_hash)
cookie_jar.signed[:discount]
#=> 45
```
It is also possible to [Base64 decode the
value](https://blog.bigbinary.com/2013/03/19/cookies-on-rails.html), however
that doesn't ensure that the value hasn't been tampered with.
[source](https://philna.sh/blog/2020/01/15/test-signed-cookies-in-rails/)