Issues with Rails 5.2.2

[dyerc]

In a brand new Rails 5.2.2 app attempting to communicate with a Phoenix 1.4.0 (Cowboy 2.7.0) app I was unable to get this plug to work. After double and triple checking I had the correct environment variables I started to try and figure out where the problem might be.

In message_verifier.ex the verify function looks like it attempts to split a cookie value of something like abcdefgh--abcdef(2 segments). However mine had 3 segments, eg. abcdefgh--abcdef--abcdef.

I downgraded to Rails 5.0.0 and everything immediately started working so I'm guessing it must be a problem with the latest Rails version.

Has anyone else experienced the same issue?

[dyerc]

After further investigation the problem for me is only present in Rails >= 5.2.

5.0.x and 5.1.x all seem to work fine.

[cconstantin]

I will have to take a look at the changes in 5.2, things like rails/rails#28132

I'll try to find some time by end of week

[cconstantin]

@CD1212 Temporary fix for Rails 5.2 is to set Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = false. I have a branch with support for AEAD encryption (default in Rails 5.2), but it fails to decrypt a session cookie generated by a new Rails 5.2. I'm not sure what I'm doing wrong, I'll get back to it later in the week. If anyone can review the code, a fresh pair of eyes might spot the issue: #15