Rails 5.2 app and Cookie Serialization
We were working on migrating existing app built with Spree 2.7, Ruby 2.3 and Rails 4.2 to Spree 3.7, Ruby 2.6.3 and Rails 5.2.3.
We have created a brand new rails 5.2.3 app for this migration. When we replaced old rails app with new rails app, the secret key get changes and so old session and cookies might get invalidated.
We have decided to use old secret key and session_id to avoid complaints from existing active customers.
Everything was working fine until we opened the app in the browser where the cookies were already set in the browser for the older app.
When we opened the app in the browser where cookies where already set, we got the strange error
JSON::ParserError (822: unexpected token at 'I"ZW9uoZhOFpHCdnPfgnQIA:EF'):
The error was annoying as it was hard to debug and it was stopping us to open any page of the app. After taking a deep dive into the codebase, we found that the error occurs when reading the signed cookie for one of the keys.
The cookie was signed with Rails 4.1 and we try to read it in Rails 5.2!
By default Rails 5.2 app uses JSON as cookie serializer.
Applications created earlier than Rails 4.1 uses Marshal to serialize cookie values into the signed and encrypted cookie jars. If you want to use the new JSON-based format in your application, you can add an initializer file with the following content:
Rails.application.config.action_dispatch.cookies_serializer = :hybrid
This would transparently migrate your existing Marshal-serialized cookies into the new JSON-based format.
SPOILER! When using the
:hybrid serializer, you should be aware that not all Ruby objects can be serialized as JSON. For example, Date and Time objects will be serialized as strings, and Hashes will have their keys stringified.
At BoTree Technologies, we build enterprise applications with our RoR team of 25+ engineers.
Consulting is free – let us help you grow!
Choose Your Language
- Digital Marketing
- IT Consulting
- Project Management