cookie-derail

0.1.0 • Public • Published

Cookie Derail

Decode, and optionally verify the signature of, unencrypted Ruby on Rails cookies.

Alternative implementations require you to change the Rails app's default serialization format to something like JSON. This one does not: it uses a basic Marshal parser written in JavaScript that handles hashes, arrays, strings and numbers only.

Usage

var derail = require('cookie-derail');
// the Rails app's secret token (elided here)
var token = '3d8(...snip...)3cc5';

// in an HTTP server / express / whatever connection handler
var cookie = req.cookies._app_session;

Decode a cookie, using the Rails app's secret token to verify that it has not been tampered with:

var value = derail.decode(req.cookies._app_session, { secret: token });

Decode a cookie, ignoring the signature (the decoded value is then unauthenticated client input):

var value = derail.decode(req.cookies._app_session, { verifySignature: false });

If something goes wrong, an exception with details is thrown.
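
What the signature check described above involves, as an added example that is not cookie-derail's own code. It assumes the cookie uses Rails' MessageVerifier layout (base64 Marshal payload, `--`, hex HMAC-SHA1 keyed with the secret token); `verifyRailsCookie`, `signForExample` and the sample secret and cookie are hypothetical names and constructed values.

```javascript
const crypto = require('crypto');

// Assumed layout (Rails MessageVerifier): "<base64 Marshal dump>--<hex HMAC-SHA1>".
function verifyRailsCookie(rawCookie, secret) {
  // Cookie values arrive URL-escaped; decoding an already-decoded value is harmless
  // because base64, hex and "--" contain no "%".
  const cookie = decodeURIComponent(rawCookie);
  const sep = cookie.lastIndexOf('--');
  if (sep <= 0) throw new Error('missing "--" signature separator');
  const payload = cookie.slice(0, sep);
  const digest = cookie.slice(sep + 2);
  if (!/^[0-9a-f]{40}$/.test(digest)) throw new Error('signature is not a SHA-1 hex digest');

  // The MAC covers the base64 text, not the decoded bytes.
  const expected = crypto.createHmac('sha1', secret).update(payload).digest();
  // Constant-time comparison so timing does not reveal how many bytes matched.
  if (!crypto.timingSafeEqual(expected, Buffer.from(digest, 'hex'))) {
    throw new Error('signature mismatch: cookie was modified or secret is wrong');
  }

  const marshal = Buffer.from(payload, 'base64');
  // Ruby Marshal streams start with the version bytes 0x04 0x08.
  if (marshal.length < 2 || marshal[0] !== 4 || marshal[1] !== 8) {
    throw new Error('payload is not a Marshal 4.8 stream');
  }
  return marshal; // authenticated bytes, ready for a Marshal parser
}

// Constructed sample data: this secret and cookie are made up for the example.
const SAMPLE_SECRET = 'constructed-secret-for-example-only';
function signForExample(marshalBytes, secret) {
  const payload = marshalBytes.toString('base64');
  const mac = crypto.createHmac('sha1', secret).update(payload).digest('hex');
  return encodeURIComponent(payload + '--' + mac);
}
// Marshal dump of the binary string "hi": 04 08 '"' <len 2 encoded as 7> 'h' 'i'
const SAMPLE_COOKIE = signForExample(Buffer.from([4, 8, 0x22, 7, 0x68, 0x69]), SAMPLE_SECRET);
```

Parsing the Marshal bytes only after the MAC check keeps the parser from ever running on data the client could have altered.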

Tests

npm test

TODO

  • encode as well as decode
  • encrypted cookie support

Install

npm i cookie-derail

License

BSD

Collaborators

  • shackpank
  • holidayextras