Class: Rack::Session::Cookie

Inherits:
Object
  • Object
Defined in:
lib/arachni/ui/web/server.rb

Overview

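Monkey-patches Rack’s cookie session handling to fix a nil error. The override replaces `unpacked_cookie_data`, the method that checks the session cookie's HMAC before the cookie is decoded.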

Instance Method Summary collapse

Instance Method Details



# File 'lib/arachni/ui/web/server.rb', line 56

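# Returns the session hash carried by the request's session cookie, memoized
# in env["rack.session.unpacked_cookie_data"] so it is computed once per
# request.
#
# When @secret is set, the cookie is expected to look like "<data>--<digest>".
# The data is kept only if the digest matches the HMAC generated with @secret
# or, failing that, with @old_secret; otherwise the data is discarded and an
# empty session is returned.
#
# @param env [Hash] the Rack environment of the current request
# @return [Hash] the decoded session data, or {} when the cookie is absent,
#   malformed, or fails verification
def unpacked_cookie_data(env)
    env["rack.session.unpacked_cookie_data"] ||= begin
        request = Rack::Request.new(env)
        session_data = request.cookies[@key]

        # NOTE(review): when @secret is nil the client-supplied cookie reaches
        # coder.decode with no integrity check at all. coder is defined outside
        # this method; if it deserializes with Marshal, an unsigned cookie is
        # untrusted input to a deserializer -- confirm a secret is always set.
        if @secret && session_data
            session_data, digest = session_data.split("--")

            # True only when +digest+ equals the HMAC of the payload under
            # +secret+. A missing payload or digest (e.g. an empty cookie value)
            # is treated as a failed check instead of being passed to
            # generate_hmac. The digests are compared without an early exit so
            # the time taken does not reveal how many leading characters of a
            # forged digest were correct.
            # Assumes generate_hmac returns a String -- confirm.
            signed_with = lambda do |secret|
                next false unless secret && session_data && digest
                expected = generate_hmac(session_data, secret)
                next false unless expected.bytesize == digest.bytesize
                difference = 0
                expected.bytes.zip(digest.bytes) { |a, b| difference |= a ^ b }
                difference.zero?
            end

            # Clear the session data if neither the current nor the old secret
            # produced the digest sent by the client.
            session_data = nil unless signed_with.call(@secret) || signed_with.call(@old_secret)
        end

        coder.decode(session_data) || {}
    end
end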