undefined | Better HN

0 pointspjungwir12y ago0 comments

It is relevant to this:

> I . . . decoded _gist_session cookie (which is regular Rails Base64 encoded cookie)

In Rails 4 the session cookie is encrypted with a server-side secret, so the end user can't decipher it.

0 comments

kneath12y ago

Gist is indeed running Rails 4.

Isn't gist an entirely separate application from dotcom? My impression was gist is a Sinatra app, not Rails.

j / k navigate · click thread line to collapse

0 pointspjungwir12y ago0 comments

It is relevant to this:

> I . . . decoded _gist_session cookie (which is regular Rails Base64 encoded cookie)

In Rails 4 the session cookie is encrypted with a server-side secret, so the end user can't decipher it.

kneath12y ago

Gist is indeed running Rails 4.

Isn't gist an entirely separate application from dotcom? My impression was gist is a Sinatra app, not Rails.

j / k navigate · click thread line to collapse