Rack_hashed_cookie_session is a project mainly written in Ruby, based on the View license.
Tamper-proof cookie session store for Rack
= This code has been obsoleted by Rack 0.9.0; upgrade Rack, if you can.
Shortly after the first release of this code, Rack 0.9.0 has been published; now Rack::Session::Cookie handles tamper-proof cookies (almost) out of the box. If you're not stuck with an older Rack, upgrade and use the official Cookie class.
= Rack's hashed cookie-based session store
Rack::Session::HashedCookie is just a simple port to Rack of the Action Controller's cookie-based session store. All the praises to the Rails team, all the blames to me.
Remember that the session's content is just hashed to ensure that nobody will tamper with it, so do not store sensitive data in it.
== Basic usage
First, install it with:
$ sudo gem install rack_hashed_cookie_session
Here is how I use it with Sinatra. A rackup-file, a bit spiced up:
require 'rubygems' require 'sinatra' require 'rack/session/hashed_cookie'
root_dir = File.dirname(FILE)
Sinatra::Application.default_options.merge!( :views => File.join(root_dir, 'views'), :app_file => File.join(root_dir, 'app.rb'), :run => false,
:sessions => false,
:env => ENV['RACK_ENV'].nil? ? :development : ENV['RACK_ENV'].to_sym)
use Rack::Session::HashedCookie, :secret => 'my long, difficultly guessable secret'
run Sinatra.application
The Sinatra application will use the session normally:
get '/' do session['user_id'] = 123456 session['just_a_string'] = 'Hello world!' erb :show_the_session end
template :show_the_session do
"Hi! Reload the page to see the session:
<%= session.inspect %>"
end