Encrypt and sign session cookies #20

Closed
SergioBenitez opened this issue Nov 22, 2016 · 11 comments

@SergioBenitez
Member

No description provided.

@SergioBenitez SergioBenitez added the enhancement A minor feature request label Nov 22, 2016
@SergioBenitez SergioBenitez added this to the 0.1.0 milestone Nov 22, 2016
@SergioBenitez
Member Author

SergioBenitez commented Dec 21, 2016

This is currently blocked on an open PR for Hyper updating its OpenSSL to 0.9 and the Cookies lib to 0.4. Pushing to 0.2.

@SergioBenitez SergioBenitez modified the milestones: 0.2.0, 0.1.0 Dec 21, 2016
@flosse

flosse commented Jan 4, 2017

I really hope hyperium/hyper#975 will be merged soon :)

@mgattozzi

Should be noted it might not be based off the response from the maintainer here:
hyperium/hyper#985

Seems like it'll remove openssl-sys so as to not cause conflicts/not be breaking change.

@SergioBenitez
Member Author

rwf2/cookie-rs#68 will make this possible.

@SergioBenitez
Member Author

Unfortunately this must be pushed to 0.3.

@SergioBenitez SergioBenitez modified the milestones: 0.3.0, 0.2.0 Jan 13, 2017
@flosse

flosse commented Jan 13, 2017

> Seems like it'll remove openssl-sys so as to not cause conflicts/not be breaking change.

It's done in v0.10.0 :)

@SergioBenitez
Member Author

I've submitted a PR (rwf2/cookie-rs#76) to make this possible. After the PR is in, session support in Rocket should be straightforward.

@majkcramer

majkcramer commented Mar 24, 2017

> After the PR is in, session support in Rocket should be straightforward.

PR is in.

@SergioBenitez
Member Author

Sessions landed in master ~18 days ago in 16cb729. Aside from the session example, however, sessions are undocumented. This is because the API is likely to change before support lands in 0.3. I'm hoping for a more robust, future-proof solution. That route, however, requires a few more general features to implement.

@pointlessone

Session cannot be restored after process restart. It appears some key gets changed on every run, and it prevents the session from properly decrypting cookies.

I'm not sure if this is a bug or me using it wrong. Also if it needs its own issue here.

@SergioBenitez
Member Author

@pointlessone You need to set the secret_key config parameter. Otherwise, Rocket will generate a secret key for you.
