The rack-cookie library is a Rack library that uses a cookie as a token to authenticate requests from users that have authenticated earlier using some other method.
rack 1.0.0 or later
use “Rack::Auth::Cookie”, :secret => “foo”, :cookie_name => “my_authentication_cookie”
The default value for cookie_name is “auth_token”
The “secret” option works exactly as in Rails session cookies. This should be set to a hard-to-guess value (not “foo”!) to protect against cookie forgery.
This rack library only handles requests that contain a cookie named “auth_token” (or whatever name was passed as the :cookie_name option). If that is not present, the request is forwarded normally with no changes to the environment.
If the cookie is detected, then it is checked for validity. If valid, then the values stored in the cookie (such as 'AUTH_USER') are copied from the cookie into the environment. If invalid, then env is deleted and env is set to an error message explaining what went wrong.
Daniel Berger Charlie O'Keefe