When trying this crate out with rails 5 sessions, it's unable to currently parse them. While newer versions of rails send sessions in the format of cipher_text--iv--auth_tag, Rails 5 does it a bit different. They encode it more like this: cipher_and_iv_base64_encoded--auth_tag. You need to base64 decode the first part to get ahold of the actual cipher_text and iv.
In your code, it assumes that a session is always in three parts instead of 2 like it is in the case of rails 5 sessions. For a working and fairly robust implementation, I'd look at the message_verifier crate. While working on an Axum extractor for rails session data, I came across both your crate and the aforementioned one as viable implementations. Just thought I'd share my findings and I hope this information can be of some use to you.
When trying this crate out with rails 5 sessions, it's unable to currently parse them. While newer versions of rails send sessions in the format of
cipher_text--iv--auth_tag
, Rails 5 does it a bit different. They encode it more like this:cipher_and_iv_base64_encoded--auth_tag
. You need to base64 decode the first part to get ahold of the actual cipher_text and iv.In your code, it assumes that a session is always in three parts instead of 2 like it is in the case of rails 5 sessions. For a working and fairly robust implementation, I'd look at the message_verifier crate. While working on an Axum extractor for rails session data, I came across both your crate and the aforementioned one as viable implementations. Just thought I'd share my findings and I hope this information can be of some use to you.