cvonkleist / encrypted_cookie

AES-128 encrypted session cookies for Rack (and Sinatra and other frameworks).
MIT License

Support secret rotation #4

Open danp opened 11 years ago

danp commented 11 years ago

Rack::Session::Cookie supports an :old_secret which allows for graceful secret rotation without breaking existing sessions. Would be great if EncryptedCookie supported something similar.

cc @tmaher

namelessjon commented 11 years ago

:+1:

I almost implemented this when I wrote the fixes to the crypto, but in the end, didn't have the time.

danp commented 11 years ago

Cool, I might take a stab at it if I get time.

mkristian commented 10 years ago

+1

tonytonyjan commented 7 years ago

Alternative solution

It's built on top of Rack::Session::Cookie, and you can do this:

use Rack::Session::EncryptedCookie, secret: 'test2', old_secret: 'test'
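
The rotation behaviour requested in this issue (accept cookies sealed under an old secret, issue new ones under the current secret), shown as an added example; it is not code from encrypted_cookie, Rack, or the alternative mentioned above. `RotatingCookieCodec` and its methods are hypothetical names, AES-128-GCM stands in for the gem's own construction, and the SHA-256 key derivation assumes high-entropy secrets.

```ruby
require 'openssl'

# Hypothetical helper for illustration; not the API of EncryptedCookie or Rack.
class RotatingCookieCodec
  CIPHER = 'aes-128-gcm'

  def initialize(secret:, old_secret: nil)
    # Assumption: secrets are high-entropy random strings; SHA-256 only sizes
    # them to a 16-byte key. Index 0 is the current key, index 1 the old one.
    @keys = [secret, old_secret].compact.map { |s| OpenSSL::Digest::SHA256.digest(s)[0, 16] }
  end

  # New cookies are always sealed with the current key.
  def encode(plaintext)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = @keys.first
    iv = cipher.random_iv # 12 bytes for GCM
    cipher.auth_data = ''
    ciphertext = cipher.update(plaintext) + cipher.final
    [iv + cipher.auth_tag + ciphertext].pack('m0') # strict base64
  end

  # Returns [plaintext, reissue?], or nil when no configured key authenticates
  # the cookie. reissue? is true when only the old secret worked.
  def decode(cookie)
    raw = cookie.unpack1('m0')
    return nil if raw.bytesize < 29 # iv (12) + tag (16) + at least 1 byte
    iv, tag, ciphertext = raw[0, 12], raw[12, 16], raw[28..-1]
    @keys.each_with_index do |key, index|
      begin
        decipher = OpenSSL::Cipher.new(CIPHER).decrypt
        decipher.key = key
        decipher.iv = iv
        decipher.auth_tag = tag
        decipher.auth_data = ''
        return [decipher.update(ciphertext) + decipher.final, index > 0]
      rescue OpenSSL::Cipher::CipherError
        next # tag mismatch: wrong key or tampered cookie, try the next key
      end
    end
    nil
  rescue ArgumentError
    nil # not valid base64
  end
end
```

When `decode` returns `true` as the second element, re-set the cookie with `encode` so the session migrates to the current secret and the old one can be retired.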