chaynHQ / soulmedicine

Soul Medicine is a multilingual digital service designed to deliver critical safety information and supportive messaging in bite-sized pieces.
https://soulmedicine.io
MIT License
37 stars 9 forks

Embed purpose and expiry metadata inside signed and encrypted cookies for increased security #350

Closed tarebyte closed 1 year ago

tarebyte commented 1 year ago

From the Rails upgrade documentation:

To improve security, Rails embeds the purpose and expiry metadata inside encrypted or signed cookies value.

Rails can then thwart attacks that attempt to copy the signed/encrypted value of a cookie and use it as the value of another cookie.

This is the last PR we'll ship before cutting over to use 6.0 framework defaults 🎉
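The cookie-swap protection quoted from the Rails documentation above, shown as an added example (not code from this PR or from Rails). It uses a simplified HMAC-signed envelope rather than Rails' actual cookie format; the secret, the cookie names and the `pur`/`exp` field names are constructed for illustration.

```ruby
require "openssl"
require "json"

# Simplified model of a signed cookie; not Rails' actual wire format.
SECRET = "constructed-demo-secret" # constructed key for this example

def sign(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Constant-time comparison of two hex digests.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Sign an envelope. With metadata: true, the cookie name (purpose) and
# the expiry are part of the signed payload.
def write_cookie(name, value, metadata:, expires_at: nil)
  envelope = { "value" => value }
  envelope.merge!("pur" => "cookie.#{name}", "exp" => expires_at&.to_i) if metadata
  data = [JSON.generate(envelope)].pack("m0") # strict Base64
  "#{data}--#{sign(data)}"
end

# Returns the value, or nil if the signature, purpose or expiry check fails.
def read_cookie(name, cookie, metadata:, now: Time.now)
  data, digest = cookie.to_s.split("--", 2)
  return nil unless data && digest && secure_eq(sign(data), digest)
  envelope = JSON.parse(data.unpack1("m0"))
  return envelope["value"] unless metadata
  return nil unless envelope["pur"] == "cookie.#{name}"
  return nil if envelope["exp"] && now.to_i >= envelope["exp"]
  envelope["value"]
end

# The server signs one cookie; the same raw value is then presented
# under a different cookie name.
def swap_result(metadata:)
  signed = write_cookie("preferred_item_id", 42, metadata: metadata)
  { same_name: read_cookie("preferred_item_id", signed, metadata: metadata),
    other_name: read_cookie("user_id", signed, metadata: metadata) }
end

p swap_result(metadata: false) # value is accepted under both names
p swap_result(metadata: true)  # value is rejected under the other name
```

Without the signed purpose, the signature only proves that the server produced the value, not which cookie it was produced for.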