class Rack::Protection::EncryptedCookie
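# Decrypts (or, during a migration, HMAC-verifies) the session cookie and
# caches the decoded session hash in the request env under
# RACK_SESSION_UNPACKED_COOKIE_DATA.
#
# Lookup order:
# 1. If the header is already present it is returned as is (fetch_header
#    only runs the block on a miss).
# 2. With one or more @secrets, the cookie is decrypted with the first
#    secret and, if that yields nil, with the second (key rotation). Any
#    further secrets are ignored, as before.
# 3. If decryption yields nothing and a legacy HMAC is configured, the
#    cookie is treated as "<payload>--<hmac>", verified via digest_match?
#    and decoded with @legacy_hmac_coder.
# 4. Otherwise the data is decoded with +coder+. Note that with no
#    @secrets at all the raw cookie value is decoded unauthenticated.
#
# A cookie that fails decryption or verification decodes to an empty
# session ({}), not an error. A request carrying no session cookie also
# yields {} -- including when a legacy HMAC is configured, a case that
# previously called slice! on nil and raised.
#
# Relies on Encryptor.decrypt_message and both coders tolerating a nil
# argument (the previous code already passed nil to them when no cookie
# was sent).
#
# @param request [Rack::Request] the current request
# @return [Hash] the decoded session data (possibly empty)
def unpacked_cookie_data(request)
  request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
    cookie_data = request.cookies[@key]
    session_data = decrypt_session_data(cookie_data)

    decoded =
      if !session_data && @legacy_hmac && cookie_data
        # No secret decrypted the cookie: fall back to the legacy signed
        # format. A failed HMAC check leaves the payload nil here.
        @legacy_hmac_coder.decode(legacy_hmac_payload(cookie_data))
      else
        coder.decode(session_data)
      end

    request.set_header(k, decoded || {})
  end
end

# Returns the decrypted cookie payload, or nil when neither of the first two
# configured secrets decrypts it. With no secrets configured the cookie value
# is returned untouched (unencrypted, unauthenticated mode).
#
# @param cookie_data [String, nil] raw cookie value, nil when absent
# @return [String, nil]
def decrypt_session_data(cookie_data)
  return cookie_data if @secrets.empty?

  session_data = Rack::Protection::Encryptor.decrypt_message(cookie_data, @secrets.first)
  # Second entry is the previous secret, kept around for rotation.
  session_data ||= Rack::Protection::Encryptor.decrypt_message(cookie_data, @secrets[1]) if @secrets.size > 1
  session_data
end

# Splits a legacy "<payload>--<hmac>" cookie and returns the payload only
# when the HMAC verifies; nil otherwise. Works on a copy so the request's
# cookie hash is not truncated as a side effect.
#
# @param cookie_data [String] raw cookie value (must not be nil)
# @return [String, nil]
def legacy_hmac_payload(cookie_data)
  payload = cookie_data.dup
  # slice! returns nil (and leaves payload alone) when the cookie is shorter
  # than the digest; digest_match? is then expected to reject a nil digest.
  digest = payload.slice!(-@legacy_hmac_length..-1)
  payload.slice!(-2..-1) # drop the "--" separator
  payload if digest_match?(payload, digest)
end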