Session 从websocket线程解密Rail 4会话cookie
Rails 4.1.8,ruby 2.1.5p273 我尝试从Session 从websocket线程解密Rail 4会话cookie,session,ruby-on-rails-4,cookies,encryption,em-websocket,Session,Ruby On Rails 4,Cookies,Encryption,Em Websocket,Rails 4.1.8,ruby 2.1.5p273 我尝试从EventMachine::WebSocket线程内部获取会话id session和cookie对象在此不可用,因此需要从websocket握手头手动解密cookie。Cookie是这样的: SFRRZHJGZUtMQnZPeFd2QktjTVc0bVdDQUkvbjhueVczTFpZdG9Ed1ozMGN1dzFjVXhOZGwvOUJLTlZqd29hMDVha3lEN0hleUZtZDZjN2NCa3lIQ0FsWHFoMVQ
EventMachine::WebSocket
线程内部获取会话id
session
和cookie
对象在此不可用,因此需要从websocket握手头手动解密cookie。Cookie是这样的:
SFRRZHJGZUtMQnZPeFd2QktjTVc0bVdDQUkvbjhueVczTFpZdG9Ed1ozMGN1dzFjVXhOZGwvOUJLTlZqd29hMDVha3lEN0hleUZtZDZjN2NCa3lIQ0FsWHFoMVQ0SytaV1U0UHc0emo4L2pNUC9MVVNVQVR4c01JS1FmUS9DejRkN3p4cmVEMXROS1NEZk1uNDcvbXF2VEhzMHMyVEZPZytIMDR0aDd3YUZnPS0tZENYRFVzL1psS0hZRFA5M0l4WGZuZz09--2ed3a27ad19bd19bd3b5bf12d164b53665d5323e
muHBVeeYknNJyb43HpVC3lnlDwJ+rC2NGFtBM2y4Nzu6qA+D1sNkmnQY4nRTJx1kl0znz1kkupGFe/ilRjAg1eJNaxFPJhVmBrkp+TBwu38R7+igGj2edkYkFBCandq9XuFn3ILFYwvszMV6iVc0Z2Ftfg6lyIwPfLi5UJMJM3E=--ZIy+dc//zwk/zs3qsaq9vQ==
我尝试了两种变体,但都失败了
第一种方式:
arr = handshake.headers['Cookie'].split ';'
cookies = {}
arr.each do |rec|
key,value = rec.split '='
cookies[key.strip] = value.strip
end
rack_cookie = Rack::Session::Cookie.new(App, { # App name changed
:key => Rails.application.config.session_options[:key],
:path => '/',
:expire_after => 2592000, #30 days
:secret => Rails.application.secrets.secret_key_base,
:coder => Rack::Session::Cookie::Base64.new
})
sess = cookies[Rails.application.config.session_options[:key]]
return rack_cookie.coder.decode(Rack::Utils.unescape(sess.split('--').first))
有这样的字符串:
SFRRZHJGZUtMQnZPeFd2QktjTVc0bVdDQUkvbjhueVczTFpZdG9Ed1ozMGN1dzFjVXhOZGwvOUJLTlZqd29hMDVha3lEN0hleUZtZDZjN2NCa3lIQ0FsWHFoMVQ0SytaV1U0UHc0emo4L2pNUC9MVVNVQVR4c01JS1FmUS9DejRkN3p4cmVEMXROS1NEZk1uNDcvbXF2VEhzMHMyVEZPZytIMDR0aDd3YUZnPS0tZENYRFVzL1psS0hZRFA5M0l4WGZuZz09--2ed3a27ad19bd19bd3b5bf12d164b53665d5323e
muHBVeeYknNJyb43HpVC3lnlDwJ+rC2NGFtBM2y4Nzu6qA+D1sNkmnQY4nRTJx1kl0znz1kkupGFe/ilRjAg1eJNaxFPJhVmBrkp+TBwu38R7+igGj2edkYkFBCandq9XuFn3ILFYwvszMV6iVc0Z2Ftfg6lyIwPfLi5UJMJM3E=--ZIy+dc//zwk/zs3qsaq9vQ==
当我尝试Marshal.load
此字符串时,出现错误:
TypeError: incompatible marshal file format (can't be read)
format version 4.8 required; 109.117 given
第二种方式:
message = URI.unescape sess # sess from prevois code block, btw sess == message
config = Rails.application.config
key_generator = ActiveSupport::KeyGenerator.new(
Rails.application.secrets.secret_key_base, iterations: 1000
)
secret = key_generator.generate_key(
config.action_dispatch.encrypted_cookie_salt
)
sign_secret = key_generator.generate_key(
config.action_dispatch.encrypted_signed_cookie_salt
)
encryptor = ActiveSupport::MessageEncryptor.new(
secret, sign_secret
)
encryptor.decrypt_and_verify message
获取此错误:
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
如何解密此cookie?更改
ActiveSupport::MessageEncryptor.new(secret, sign_secret)
到
它应该可以工作(使用默认配置)
资料来源: