cconstantin / plug_rails_cookie_session_store

Rails compatible Plug session store
MIT License

In Rails 7.1 the cookie format has changed compared to 7.0. Breaks Phx->Rails, but not Rails->Phx transition. #23

Open jivko-chobanov opened 7 months ago

jivko-chobanov commented 7 months ago

Problem

In Rails 7.1 (which bumps Rack from 2.2.8 to 3.0.9.1 and rack-session to 2.0.0) the cookies are not compatible with Rails 7.0. When I copy in Chrome from Tools - Application tab - Storage section - Cookies the encrypted content of a cookie created in Rails 7.1, make a git checkout to the previous commit where I am on Rails 7.0 and paste the cookie - it is not recognized. But if I do the same between Rails 7.0 and Rails 6.0 it is recognized. Same happens between Rails 7.1 and Phoenix using plug_rails_cookie_session_store, except that the cookies are normally read and used when transitioning from Rails 7.1 to Phoenix, but then when I click on a link back to the Rails 7.1 app - the cookies are not recognized - so it is only the put(conn, _sid, term, opts) that does not work properly, while the get() and init() are fine.

Moreover Rails 7.1 puts the "unrecognized" cookies into the encrypted "message" (cookies[_rails][message][_rails][message]... etc.), so when the user clicks multiple times to switch from Phx to Rails back and forth - the message becomes longer and longer and soon Rails raises ActionDispatch::Cookies::CookieOverflow.

Attempts to solve

I tried 7.1 with older versions of Rack/Rack-session, but it did not work.

The :sha -> :sha256 change is done for both 7.0 and 7.1. :sha is only for 6.0 and 6.1. Anyway, since the get() func works, the encryption should not be the problem, but some kind of formatting I guess.

Current bad solution

Revert back to Rails 7.0

Related issue

Probably related to this issue - https://github.com/rails/rails/issues/48195 . But I could not find the "[" prefix as described or any other solution for Rails 7.1.

cconstantin commented 7 months ago

Hi @jivko-chobanov, thanks for submitting this. I'm accepting pull requests, with tests, if you're able to contribute a fix.