Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted session cookies #1324

Merged
merged 3 commits into from
Jul 15, 2022
Merged

Encrypted session cookies #1324

merged 3 commits into from
Jul 15, 2022

Conversation

mjc-gh
Copy link
Contributor

@mjc-gh mjc-gh commented Jul 10, 2017

PR for issue #1300.

@mjc-gh mjc-gh force-pushed the encrypted-session-cookies branch from 73e152d to d61af09 Compare July 11, 2017 13:18
mjc-gh added 2 commits July 11, 2017 12:11
@mjc-gh
Add Rack::Protection::EncryptedCookie
70da2a4 
This class is a replacement for Rack::Session::Cookie and uses AES
GCM encryption to protect the session data. This new class thus
introduces confidentiality in addition to integrity and authenticity
which is already provided by Rack::Session::Cookie via an HMAC.

This class will also seamlessly upgrade existing session cookies.
@mjc-gh
Simplify Rack::Protection::SessionHijack
7440f22 
The underlying sessions are now fully encrypted. We can just rely on
this feature to protect the header canaries used by SessionHijack.
@mjc-gh mjc-gh force-pushed the encrypted-session-cookies branch from d61af09 to 7440f22 Compare July 11, 2017 16:11
@mjc-gh
Copy link
Contributor Author

mjc-gh commented Jan 17, 2018

Any hope of this eventually getting merged? Should we add a way of opting-in to this feature to start off initially?

/cc @zzak

@namusyaka namusyaka added this to the v2.1.0 milestone Feb 19, 2018
@mjc-gh
Copy link
Contributor Author

mjc-gh commented Feb 19, 2018

@namusyaka I see this was tagged for 2.1.0. Let me know if there's any more work to do on this PR to get it ready for merging. Thanks!

@namusyaka
Copy link
Member

@mikeycgto Yeah we're going to get this in v2.1.0, thank you for your contribution!

@mjc-gh
Copy link
Contributor Author

mjc-gh commented Feb 19, 2018

Excellent! Just ping me here if there's anything that needs to be changed or updated. Thanks again!

@bermannoah
Copy link

bermannoah commented Nov 20, 2018
edited
Loading

Hi there, looks like it's been a while -- any word on this getting merged / released? Anything I could do to help?

@bsene
Copy link

bsene commented Dec 25, 2019

@mjc-gh there are some conflicts , resolve them may make your work to be merged

@namusyaka namusyaka modified the milestones: v2.1.0, v2.1.1 Sep 4, 2020
@jkowens jkowens force-pushed the encrypted-session-cookies branch from fa1efbb to 3f77b86 Compare July 15, 2022 04:36
@jkowens jkowens force-pushed the encrypted-session-cookies branch from 3f77b86 to 6d217ab Compare July 15, 2022 04:42
@jkowens jkowens merged commit e617fab into sinatra:master Jul 15, 2022
@rickselby rickselby mentioned this pull request Oct 2, 2022
Closed
This was referenced Feb 28, 2023
Closed
Merged
@dentarg dentarg mentioned this pull request Sep 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.1.1
Development

Successfully merging this pull request may close these issues.
5 participants
@mjc-gh @namusyaka @bermannoah @bsene @jkowens