What are the possible reasons for a CGI::Session::CookieStore::TamperedWithCookie exception in Rails

I get the exception CGI::Session::CookieStore::TamperedWithCookie after changing the parameter config.action_controller.session.secret in the application (in preparation for a full deployment).

Am I right to believe that a change in the secret while testers have a cookie set is the reason for this, and what other reasons could there be (both due to security intrusions and because of encoding problems)?

+3
3 answers

The reason for your exception is certainly changing the secret while testers had cookies set. Cookies are cryptographically signed using the secret, which protects against malicious tampering by users. For example, they may try to change their saved user ID to increase their privileges.

You can ask testers to clear their cookies. Or you can catch the exception and delete the cookie for your application. Some sites prefer to use ActiveRecordSession for more control over their sessions, so they drop all sessions as necessary, but at the cost of performance.

+3
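The mechanism described in the answer above, as an added example that is not part of the original answer and is not Rails's own code: a simplified signed-cookie model in which both a rotated secret and an edited payload fail the same signature check, followed by the suggested handling of dropping the stale cookie. The JSON encoding, HMAC-SHA256, the function names and the secrets are assumptions constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Hypothetical stand-in for CGI::Session::CookieStore::TamperedWithCookie.
class TamperedWithCookie < StandardError; end

# Sign session data as "<base64 payload>--<hex HMAC>".
def sign_session(data, secret)
  payload = Base64.strict_encode64(JSON.generate(data))
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify the digest before decoding anything; raise if it does not match.
def load_session(cookie, secret)
  payload, digest = cookie.to_s.split('--', 2)
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, payload.to_s)
  raise TamperedWithCookie unless digest && secure_compare(digest, expected)
  JSON.parse(Base64.strict_decode64(payload))
end

# The handling the answer suggests: on a bad signature, drop the cookie and
# start a fresh session. Returns [session, cookie_to_send_back].
def session_or_reset(cookie, secret)
  [load_session(cookie, secret), cookie]
rescue TamperedWithCookie
  [{}, nil] # nil signals the caller to delete the stale cookie
end

# Constructed sample values, not real secrets.
OLD_SECRET = 'constructed-old-secret-for-testing-only'
NEW_SECRET = 'constructed-new-secret-for-deployment'
issued = sign_session({ 'user_id' => 42 }, OLD_SECRET)

# Cause 1: the secret was rotated after the cookie was issued.
rotated = session_or_reset(issued, NEW_SECRET)
# Cause 2: the payload was edited (user_id 42 -> 1) but the old digest kept.
forged_payload = Base64.strict_encode64(JSON.generate({ 'user_id' => 1 }))
forged = "#{forged_payload}--#{issued.split('--', 2).last}"
tampered = session_or_reset(forged, OLD_SECRET)
```

The server cannot tell the two causes apart from the cookie alone, so a burst of these exceptions right after a deployment points to the secret change, while isolated ones at other times deserve a look in the logs.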

, cookie. , cookie , .

+1

I found a plugin on GitHub that will catch the error and write it to the log without exposing the error to the user. I ran into this problem on an instance of Rails 2.1 and it did the trick.

0

Source: https://habr.com/ru/post/1697321/

