Popularity
6.6
Declining
Activity
0.0
-
85
3
18

Monthly Downloads: 4,272
Programming language: Elixir
License: MIT License

plug_rails_cookie_session_store alternatives and similar packages

Based on the "Framework Components" category

Do you think we are missing an alternative of plug_rails_cookie_session_store or a related project?

Add another 'Framework Components' Package

README

PlugRailsCookieSessionStore

Rails compatible Plug session store.

This allows you to share session information between Rails and a Plug-based framework like Phoenix.

Installation

Add PlugRailsCookieSessionStore as a dependency to your mix.exs file:

def deps do
  [{:plug_rails_cookie_session_store, "~> 1.0"}]
end

How to use with Phoenix

Copy/share the encryption information from Rails to Phoenix.

There are 4 things to copy:

  • secret_key_base
  • signing_salt
  • encryption_salt
  • session_key

Since Rails 5.2, secret_key_base in test and development is derived as a MD5 hash of the application's name. To fetch key value you can run:

Rails.application.secret_key_base

https://www.rubydoc.info/github/rails/rails/Rails%2FApplication:secret_key_base

The secret_key_base should be copied to Phoenix's config.exs file. There should already be a key named like that and you should override it.

The other three values can be found somewhere in the initializers directory of your Rails project. Some people don't set the signing_salt and encryption_salt. If you don't find them, set them like so:

Rails.application.config.session_store :cookie_store, key: '_SOMETHING_HERE_session'
Rails.application.config.action_dispatch.encrypted_cookie_salt =  'encryption salt'
Rails.application.config.action_dispatch.encrypted_signed_cookie_salt = 'signing salt'

Edit the endpoint.ex file and add the following:

# ...
plug Plug.Session,
  store: PlugRailsCookieSessionStore,
  key: "_SOMETHING_HERE_session",
  domain: '.myapp.com',
  secure: true,
  signing_with_salt: true,
  signing_salt: "signing salt",
  encrypt: true,
  encryption_salt: "encryption salt",
  key_iterations: 1000,
  key_length: 64,
  key_digest: :sha,
  serializer: Poison # see serializer details below
end

Set up a serializer

Plug & Rails must use the same strategy for serializing cookie data.

  • JSON: Since 4.1, Rails defaults to serializing cookie data with JSON. Support this strategy by getting a JSON serializer and passing it to Plug.Session. For example, add Poison to your dependencies, then:
  plug Plug.Session,
    store: PlugRailsCookieSessionStore,
    # ... see encryption config above
    serializer: Poison
  end

You can confirm that your app uses JSON by searching for

  Rails.application.config.action_dispatch.cookies_serializer = :json

in an initializer.

  • Marshal: Previous to 4.1, Rails defaulted to Ruby's Marshal library for serializing cookie data. You can deserialize this by adding ExMarshal to your project and defining a serializer module:
  defmodule RailsMarshalSessionSerializer do
    @moduledoc """
    Share a session with a Rails app using Ruby's Marshal format.
    """
    def encode(value) do
      {:ok, ExMarshal.encode(value)}
    end

    def decode(value) do
      {:ok, ExMarshal.decode(value)}
    end
  end

Then, pass that module as a serializer to Plug.Session:

  plug Plug.Session,
    store: PlugRailsCookieSessionStore,
    # ... see encryption config above
    serializer: RailsMarshalSessionSerializer
  end
  • Rails 3.2: Rails 3.2 uses unsalted signing, to make Phoenix share session with Rails 3.2 project you need to set up ExMarshal mentioned above, with following configuration in your Plug.Session:
  plug Plug.Session,
    store: PlugRailsCookieSessionStore,
    # ... see encryption/ExMarshal config above
    signing_with_salt: false,
  end

That's it!

To test it, set a session value in your Rails application:

session[:foo] = 'bar'

And print it on Phoenix in whatever Controller you want:

Logger.debug get_session(conn, "foo")