= Description The rack-cookie library is a Rack library that uses a cookie as a token to authenticate requests from users that have authenticated earlier using some other method.
= Prerequisites rack 1.0.0 or later
= Usage use "Rack::Auth::Cookie", :secret => "foo", :cookie_name => "my_authentication_cookie"
= Default Fields The default value for cookie_name is "auth_token"
= Details The "secret" option works exactly as in Rails session cookies. This should be set to a hard-to-guess value (not "foo"!) to protect against cookie forgery.
This rack library only handles requests that contain a cookie named "auth_token" (or whatever name was passed as the :cookie_name option). If that is not present, the request is forwarded normally with no changes to the environment.
If the cookie is detected, then it is checked for validity. If valid, then the values stored in the cookie (such as 'AUTH_USER') are copied from the cookie into the environment. If invalid, then env['AUTH_USER'] is deleted and env['AUTH_FAIL'] is set to an error message explaining what went wrong.
Note that if env['AUTH_USER'] or env['AUTH_FAIL'] are already set, then the request is forwarded normally with no changes to the environment.
= Authors Daniel Berger Charlie O'Keefe
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
Security News
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
Security News
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.
