How to allow Rails 3 app to read Rails 5 cookies?

Question

I have an old application written on top of Rails 3. The app has a home-rolled authentication system and uses cookies extensively for session, user id, role, etc., information. Although the app is built on Rails 3, it is not a Rails application and the decision has been made to slowly replace it in parts.

We will be putting nginx in front of the old and new apps and using nginx as a pass-through proxy to route different url paths to one of the two applications.

Catch is that the code can't be changed on the Rails 3 app because it will invalidate all existing cookies.

The new, Rails 5, app will be used for authentication and the idea is for it to create a cookie that the old, Rails 3, application can read and use as a single sign on solution.

For the Rails 5 app, we will be using Devise. Rails 5 has encrypted cookies and Rails 3 uses signed encoded cookies. Is there any way of telling Rails 5 to create older Rails 3 style cookies?

The code in the Rails 3 app cannot be changed because it would invalidate all existing cookies.

Answer 1

If you cant change the rails3 app, then you have to tell the Rails5 to use cookies that the rails 3 app can read. Rails 4.1 and earlier use 'Marshal' to serialize the cookies, but Rails 5 defaults to :json for serializing.

If you were just updating a single app, then the solution would be to use :hypbrid serialization, which would slowly migrate all cookies to the new format, however, in your case this would break the Rails3 app. So try setting the cookie_serializer in the App/Config/Initializers to :marshal

Rails.application.config.action_dispatch.cookies_serializer = :marshal

You can also look at this question and answer regarding sharing cookies between Rails 3 and 4: Sharing Cookies between rails 3 and 4