Kristof van Woensel

Reputation: 193

Phoenix Cookies decryption

Using phoenix-framework: I'm trying to read a cookie in an authorization plug. It is a signed cookie, but I can't get it decrypted again. How do I get its value?

Router

  pipeline :api do
    plug :accepts, ["json"]
    plug :fetch_session
    plug :put_secure_browser_headers
    plug :protect_from_forgery
    plug SmiksAanvraagWeb.Plugs.Auth
  end

My auth-plug

  @moduledoc false
  def init(_opts) do
  end

  def call(conn, _) do
    # Prints the raw cookie string as sent by the browser, not the verified value
    IO.inspect conn.cookies["user"] # RESULT: SFMyNTY.g2gDbQAAAARhYWFhbgYA3I_DCncBYgANLwA.wUU0R4tdGDlFgS_o7GOEN7TqPjzLhmQNEJphJtXdEo8
    conn
  end

Upvotes: 1

Views: 1359

Answers (1)

mistry

Reputation: 509

A little bit late to the discussion, but we solved it by calling fetch_cookies/2 with the :signed option, as written here. For example: fetch_cookies(conn, signed: ["my_cookie_name"]).

Looking at the implementation here, fetch_cookies/2 calls verify_or_decrypt/4, which puts the verified value on conn.cookies instead.

This way we let fetch_cookies/2 handle the verification and decoding of the cookie, instead of having to do it manually.

The same applies for encrypted cookies too, using the :encrypted option instead of the :signed option.

Upvotes: 1
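
Added example, not part of the original question or answer: the cookie value quoted in the question is signed, not encrypted, so its payload can be decoded without any key, and only the keyed verification that fetch_cookies/2 performs makes the value trustworthy. The function names are hypothetical, and the tuple field names (data, signed_at_ms, max_age) are an assumption about how Plug.Crypto lays out the signed payload.

```python
import base64
import struct

# Cookie value quoted in the question above.
COOKIE = ("SFMyNTY.g2gDbQAAAARhYWFhbgYA3I_DCncBYgANLwA."
          "wUU0R4tdGDlFgS_o7GOEN7TqPjzLhmQNEJphJtXdEo8")

def b64url(part):
    # The token omits base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def read_term(buf, pos):
    """Decode one Erlang external-format term; return (value, next_pos).
    Only the tags needed for this payload are handled."""
    tag = buf[pos]
    pos += 1
    if tag == 97:   # SMALL_INTEGER_EXT
        return buf[pos], pos + 1
    if tag == 98:   # INTEGER_EXT, signed 32-bit big-endian
        return struct.unpack(">i", buf[pos:pos + 4])[0], pos + 4
    if tag == 109:  # BINARY_EXT, 32-bit length prefix
        (n,) = struct.unpack(">I", buf[pos:pos + 4])
        return bytes(buf[pos + 4:pos + 4 + n]), pos + 4 + n
    if tag == 110:  # SMALL_BIG_EXT, little-endian magnitude
        n, sign = buf[pos], buf[pos + 1]
        mag = int.from_bytes(buf[pos + 2:pos + 2 + n], "little")
        return (-mag if sign else mag), pos + 2 + n
    if tag == 104:  # SMALL_TUPLE_EXT
        arity = buf[pos]
        pos += 1
        items = []
        for _ in range(arity):
            item, pos = read_term(buf, pos)
            items.append(item)
        return tuple(items), pos
    raise ValueError(f"unsupported tag {tag}")

def inspect_signed_cookie(cookie):
    """Split header.payload.signature and decode WITHOUT verifying.
    The result is untrusted: only a keyed check proves authenticity."""
    header, payload, signature = cookie.split(".")
    raw = b64url(payload)
    if raw[0] != 131:  # external term format version byte
        raise ValueError("not an Erlang external term")
    (data, signed_at_ms, max_age), _ = read_term(raw, 1)
    return {"alg": b64url(header).decode(), "data": data,
            "signed_at_ms": signed_at_ms, "max_age": max_age,
            "sig_len": len(b64url(signature))}
```

Because anyone holding the cookie can read these fields, a signed cookie should carry nothing confidential; use the :encrypted option for that, and act only on the value that fetch_cookies/2 has verified.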
