Ruby rails: sessions: Difference between revisions
From wikinotes
(→Config) |
|||
| Line 21: | Line 21: | ||
|} | |} | ||
</blockquote><!-- Tutorials --> | </blockquote><!-- Tutorials --> | ||
= Cache = | |||
<blockquote> | |||
{{ TODO | | |||
this }} | |||
</blockquote><!-- Cache --> | |||
= ActiveRecord = | |||
<blockquote> | |||
{{ TODO | | |||
this }} | |||
</blockquote><!-- ActiveRecord --> | |||
= MemCache = | |||
<blockquote> | |||
{{ TODO | | |||
this }} | |||
</blockquote><!-- MemCache --> | |||
= Cookies = | = Cookies = | ||
| Line 75: | Line 93: | ||
Rails.application.config.action_dispatch.secret_key_base = 'myawesomesecret' | Rails.application.config.action_dispatch.secret_key_base = 'myawesomesecret' | ||
# hash algorithm used in X cookie type | # hash algorithm used in X cookie type | ||
# ( see avail digests https://docs.ruby-lang.org/en/master/OpenSSL/Digest.html ) | # ( see avail digests https://docs.ruby-lang.org/en/master/OpenSSL/Digest.html ) | ||
Rails.application.config.action_dispatch.cookies_digest = 'SHA512' | Rails.application.config.action_dispatch.cookies_digest = 'SHA512' | ||
Latest revision as of 22:33, 1 September 2021
Documentation
Tutorials
rails 6 cookies https://binarysolo.chapter24.blog/demystifying-cookies-in-rails-6/ rails 4 cookies http://big-elephants.com/2014-01/handling-rails-4-sessions-with-go/
Cache
TODO:
this
ActiveRecord
TODO:
this
MemCache
TODO:
this
Cookies
Cookie Types
Basics
cookies[:mycookie] = "value" # Set-Cookie: mycookie=value; path=/; SameSite=Lax cookies.delete(:mycookie) cookies[:mycookie] = { value: "value", expires: 1.year, secure: true, httponly: true, }Signed Cookies
cookies.signed[:signed_cookie] = "value" # cookie == "${bas64_json_message}--${sha1_hash_of_message}" # message_json == { _rails: { message: "base64_json_value", exp: nil, pur: "cookie.user_id" } } # value == "abcd"Message created using MessageVerifier
Encryted Cookies
cookies.encrypted[:encrypted_cookie] = "value"Config
See documentation for action_dispatch configuration
- cipher (algorithm to encrypt text)
- digest (normally the hashed text, but in this case the algorithm used to produce the hash)
- salt (random text prepended to secret before hashing for additional security)
# arbitrary string, combined with a salt when hashing signed cookies Rails.application.config.action_dispatch.secret_key_base = 'myawesomesecret' # hash algorithm used in X cookie type # ( see avail digests https://docs.ruby-lang.org/en/master/OpenSSL/Digest.html ) Rails.application.config.action_dispatch.cookies_digest = 'SHA512' Rails.application.config.action_dispatch.signed_cookie_digest = 'SHA512' Rails.application.config.action_dispatch.cookies_digest = 'SHA512' # appended to the value, before hashing # ( a fixed string, hashed with the cookie - shared by all cookies ) # ( ? shouldn't we use a different salt for all passwords? ) Rails.application.config.action_dispatch.signed_cookie_salt = 'abcdefg' Rails.application.config.action_dispatch.encrypted_cookie_salt = 'abcdefg' Rails.application.config.action_dispatch.encrypted_signed_cookie_salt = 'abcdefg' Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt = 'abcdefg' # there are also some other options # see https://edgeguides.rubyonrails.org/configuring.html#configuring-action-dispatch Rails.application.config.action_dispatch.use_authenticated_cookie_encryption Rails.application.config.action_dispatch.use_cookies_with_metadata Rails.application.config.action_dispatch.cookies_rotation Rails.application.config.action_dispatch.encrypted_cookie_cipher
