rack-session-smart_cookie 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4610e81040f4a6f234cc5365aca0fd89660e7985
+  data.tar.gz: 2d64b237c171b63c1b5791e9f1bf0e904c319e75
+SHA512:
+  metadata.gz: 5209a33d1cc7b7dbf542b0f3a0f016912877118208a4cc610533308521c62c572660490bee9d535e9e803c12935541dabe55b1be6b05dc23dc644741a3beef60
+  data.tar.gz: a80d1588a48494bef580385a852df4636b88377b3e9ee1d3ba11e40bc50b3922fe510741cb603f058b1d84270baf2c22816eb50237acc1cb1bd83d556a158de3

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,17 @@
+sudo: false
+language: ruby
+rvm:
+  - ruby-head
+  - 2.4.2
+  - 2.3.5
+  - 2.2.8
+  - jruby-head
+  - jruby-9.1.13.0
+  - jruby-9.0.5.0
+env:
+  - RACK_VERSION='~> 2.0.0'
+before_install: gem install bundler -v 1.15.4
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: jruby-head

data/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+gemspec
+
+#gem 'openssl', '>= 2.0.3'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Mike Pastore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,190 @@
+# Rack::Session::SmartCookie
+
+The version of Rack::Session::Cookie that ships with Rack 2 has the following
+limitations:
+
+* Insecure SHA1 (HMAC-SHA1) by default
+* Slow and/or bloated JSON, ZipJSON, or Marshal encoding out of the box
+* JSON encodings do not preserve Symbols
+* Digest is double-encoded and bloated (hexdigest of a base64)
+* Base64-encoded strings contain unecessary padding and characters that need to
+  be escaped (e.g. `/` becomes `%2F`), wasting precious cookie bytes
+* It has some bugs in the size check that may lead to truncated cookies, token
+  leakage, and/or cross-site request forgery
+
+Of course, none of these are true show-stoppers, and the worst can be worked
+around by passing e.g. `:hmac` and `:coder` to the initializer. But we are nice
+people and we deserve nice things. This gem provides a minor derivative of
+Rack::Session::Cookie with the following improvements:
+
+* Secure SHA2 (HMAC-SHA-256) by default
+* Compact binary serialization format (currently [MessagePack][3] but will
+  likely change to [CBOR][4] in the future) out of the box
+* Symbols are preserved with the default `:coder`
+* Digest is single-encoded and compact (base64 of a digest)
+* Base64-encoded strings are not padded and conform to URL-encoded form data
+  (e.g. `/` becomes `_`)
+* It does not perform a size check (use [Rack::Protection::MaximumCookie][2]
+  if you care about cookie limits)
+
+The resultant cookies values with a small-to-medium sized session can be up to
+30% smaller in an apples-to-apples comparison (see below for examples).
+
+### Strategy
+
+The main distinguishing feature of this cf. the stock implementation is that
+the encoding (and decoding) step has been separated into two stages: 1. binary
+serialization and 2. stringification, instead of being combined into a single
+"coder" class. This allows the various cookie components to be either both
+serialized and stringified (in the case of the session payload) or merely
+stringified (in the case of the digest).
+
+The other key realization is that the method Rack uses to escape cookie data
+([URI.encode_www_form_component][5]) will only ever allow URL-safe Base64 plus
+period (`.`) and asterisk (`*`), so there's no sense in using any
+stringification scheme other than URL-safe Base64! It doesn't need to be
+configurable. The serializer remains configurable as the `:coder`.
+
+The remaining differences are mostly just better defaults: MessagePack and
+SHA2.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rack-session-smart_cookie'
+```
+
+And then execute:
+
+```console
+$ bundle
+```
+
+Or install it yourself as:
+
+```console
+$ gem install rack-session-smart_cookie
+```
+
+## Usage
+
+```ruby
+use Rack::Session::SmartCookie
+```
+
+Rack::Session::SmartCookie accepts the same options as
+[Rack::Session::Cookie][6]. If you choose to override the default `:coder`, it
+should *not* perform the Base64 steps.
+
+You can easily register additional custom types on the default coder's factory:
+
+```ruby
+my_coder = Rack::Session::SmartCookie::MessagePack.new
+my_coder.factory.register_type(0x00, MyCustomType) # 0x60..0xFF are reserved
+
+use Rack::Session::SmartCookie, :coder=>my_coder
+```
+
+## Comparisons
+
+For general size and performance benchmarks of the encoding schemes, see
+[here][1]. Unfortunately, the post is slightly out-of-date and doesn't include
+ZipJSON (Zlib+JSON) results. However, I was able to run the benchmarks locally
+and add ZipJSON. Although it comes in second-most compact at 289 bytes (cf.
+protocol buffers and MessagePack at 204 and 373 bytes, respectively), it was
+97% slower to encode and 91% slower to decode cf. MessagePack.
+
+I put this mock session payload through the following configurations with SHA2
+and 128 sidbits and here are the results:
+
+```ruby
+{
+  :user_id=>514,
+  :roles=>[:user, :moderator, :mailbox],
+  :data=>'{"foo":"bar","qux":21}',
+  :issued_at=>Time.now.to_f,
+  :valid_for=>30*24*3_600
+}
+```
+
+### Rack::Session::Cookie w/ Base64::Marshal
+
+```
+BAh7C0kiD3Nlc3Npb25faWQGOgZFVEkiRTg3MzJkMTEzNDQyZjQyM2FlZGUy%0AMTdmNDY0OWEyOTk5
+MjkyYzg2M2JkNTFlY2VjYjY2ZDAzMTg0MTYzZWE3YTcG%0AOwBGSSIMdXNlcl9pZAY7AEZpAgICSSIK
+cm9sZXMGOwBGWwg6CXVzZXI6Dm1v%0AZGVyYXRvcjoMbWFpbGJveEkiCWRhdGEGOwBGSSIbeyJmb28i
+OiJiYXIiLCJx%0AdXgiOjIxfQY7AFRJIg5pc3N1ZWRfYXQGOwBGZhYxNTA5MjAzMDIzLjI3MzE2%0AN
+UkiDnZhbGlkX2ZvcgY7AEZpAwCNJw%3D%3D%0A--15aebb42ba0ff0a28436556c64eb2ef6d4dc7c6
+a39e164eac0889052cec4f83f
+```
+
+Size: 420 bytes (100%)
+
+Note the percent-encoded characters and hex-encoded digest here and in the
+other Rack::Session::Cookie results.
+
+### Rack::Session::Cookie w/ Base64::JSON
+
+```
+eyJzZXNzaW9uX2lkIjoiMTA4YzM1ZGIxMTFkNWZlMjk5NzUwMTc1Mzc2MzVm%0AMDJlZTIxMjM4ZmIx
+OTg2NDQ0ZTc4MTliY2RjZGQyYjc2YSIsInVzZXJfaWQi%0AOjUxNCwicm9sZXMiOlsidXNlciIsIm1v
+ZGVyYXRvciIsIm1haWxib3giXSwi%0AZGF0YSI6IntcImZvb1wiOlwiYmFyXCIsXCJxdXhcIjoyMX0i
+LCJpc3N1ZWRf%0AYXQiOjE1MDkyMDI5NzEuODk3MzUyLCJ2YWxpZF9mb3IiOjI1OTIwMDB9%0A--7a6
+000bdece71118e768ccffedc645ace865b829536e335c304c00bb9050c625
+```
+
+Size: 377 bytes (90%)
+
+### Rack::Session::Cookie w/ Base64::ZipJSON
+
+```
+eJwdjeGKwyAQhN9lf8uxGrcaX%2BU8wqa7gpCeXEyOQum7V%2FJvZj5m5gVde6%2Ft%0Ad6kCCcok1h
+bvwnqfJLpJ2VkpIXrxSmQZ76uzBb0qzYokSPY2E8aAXDQSg4Gz%0A636NkfUG9rZph%2FR9xYM%2Bmu
+jOR7s0121tT%2FgxIHzwuH9lKK1lSBlW3jOYDH%2Fn%0Ac3hn36NQez9VFj4gWcLZoZsxfN1ioCkY%2
+BOetylLGdHI0IOL7A%2BnjQaI%3D%0A--fc193337b2900b6ce893143b5a52d36b55fafebc21cbde
+83712dce56bbf836f4
+```
+
+Size: 334 bytes (80%)
+
+### Rack::Session::SmartCookie w/ MessagePack
+
+```
+hqpzZXNzaW9uX2lk2UBiMGEzYzhlZTE4NzY3YjcwOTNmNThhN2E4MTI4NTNmNTlmNDYwOTgwMDA5NGY
+1Y2E4MTg5MjFjMjA4ZWQ1ZDY3p3VzZXJfaWTNAgKlcm9sZXOT1gB1c2VyxwkAbW9kZXJhdG9yxwcAbW
+FpbGJveKRkYXRhtnsiZm9vIjoiYmFyIiwicXV4IjoyMX2paXNzdWVkX2F0y0HWfSbUfbp0qXZhbGlkX
+2Zvcs4AJ40A.CRGTAgpN19Iz1plyX14kHmQYWTe0OtFbetqKZmCvSfg
+```
+
+Size: 292 bytes (70%)
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake spec` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at
+https://github.com/mwpastore/rack-session-smart_cookie.
+
+## License
+
+The gem is available as open source under the terms of the [MIT
+License](http://opensource.org/licenses/MIT).
+
+[1]: https://gist.github.com/eirc/1300627
+[2]: https://github.com/mwpastore/rack-protection-maximum_cookie
+[3]: https://msgpack.org
+[4]: http://cbor.io
+[5]: https://ruby-doc.org/stdlib-2.4.2/libdoc/uri/rdoc/URI.html#method-c-encode_www_form_component
+[6]: http://www.rubydoc.info/gems/rack/Rack/Session/Cookie

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default=>:test

data/bin/console

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'irb'
+require 'rack/session/smart_cookie'
+
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/lib/rack-session-smart_cookie.rb

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+require 'rack/session/smart_cookie'

data/lib/rack/session/smart_cookie.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+require 'rack/session/smart_cookie/version'
+
+require 'base64'
+require 'msgpack'
+require 'openssl'
+require 'rack/session/cookie'
+
+module Rack
+  module Session
+    class SmartCookie < Cookie
+      BAD_DIGESTS = %w[MD2 MD4 MD5 SHA SHA1].freeze
+      DEFAULT_DIGEST = 'SHA256'
+      SECRET_MIN_BYTESIZE = 16
+
+      class Base64
+        if ::Base64.respond_to?(:urlsafe_encode64) && ::Base64.method(:urlsafe_encode64).arity.abs >= 2
+          def self.encode(data)
+            ::Base64.urlsafe_encode64(data, :padding=>false)
+          end
+
+          def self.decode(str)
+            return unless str
+
+            ::Base64.urlsafe_decode64(str)
+          rescue
+          end
+        else
+          def self.encode(data)
+            ::Base64.urlsafe_encode64(data).tap { |str| str.sub!(/=*\z/, '') }
+          end
+
+          def self.decode(str)
+            return unless str
+
+            num_pad_chars =
+              case str.bytesize % 4
+              when 0 then 0
+              when 2 then 2
+              when 3 then 1
+              else
+                fail 'Invalid Base64-encoded string!'
+              end
+
+            ::Base64.urlsafe_decode64(str + '=' * num_pad_chars)
+          rescue
+          end
+        end
+      end
+
+      class MessagePack
+        attr_reader :factory
+
+        def initialize
+          # Create our own factory so we don't pollute the global namespace
+          # with our custom type.
+          @factory = ::MessagePack::Factory.new
+          # user gets 0x00...0x60
+          # we get 0x60...0x80
+          # MessagePack gets 0x80..0xFF
+          @factory.register_type(0x60, Symbol)
+        end
+
+        def encode(data)
+          # https://github.com/msgpack/msgpack-ruby/issues/141
+          factory.packer.write(data).to_str
+        end
+
+        def decode(bin)
+          return unless bin
+
+          # https://github.com/msgpack/msgpack-ruby/issues/141
+          factory.unpacker.feed(bin).read
+        rescue
+        end
+      end
+
+      def initialize(app, options={})
+        options[:coder] ||= MessagePack.new
+        options[:hmac] = OpenSSL::Digest.const_get(DEFAULT_DIGEST) unless options.key?(:hmac)
+
+        super
+
+        if @secrets.any?
+          hmac = options[:hmac].new
+
+          warn <<-MSG if BAD_DIGESTS.include?(hmac.name)
+        SECURITY WARNING: You have elected to use an old and insecure message
+        digest algorithm (#{hmac.class}).
+
+        Such algorithms are generally considered to be effectively broken. It
+        is strongly recommended that you elect to use a message digest algorithm
+        from the SHA2 family: SHA224, SHA256, SHA384, or SHA512, or one of the
+        derivatives such as SHA512/256. This will help prevent exploits that
+        may be possible from crafted cookies.
+
+        Called from: #{caller[0]}.
+          MSG
+
+          unless (SECRET_MIN_BYTESIZE..hmac.block_length).cover?(@secrets.first.bytesize)
+            show_caveat = hmac.digest_length > SECRET_MIN_BYTESIZE
+
+            message = String.new(<<-MSG)
+        SECURITY WARNING: You have provided a session secret with a sub-optimal
+        byte size.
+
+        It is strongly recommended that you select a secret at least #{SECRET_MIN_BYTESIZE} bytes
+        long#{'*' if show_caveat}, but not longer than the block size (#{hmac.block_length} bytes) of the selected
+        message digest algorithm (#{hmac.class}). This will help
+        prevent exploits that may be possible from crafted cookies.
+            MSG
+
+            message << "\n        " \
+              "* - Ideally, at least #{hmac.digest_length} bytes long.\n" if show_caveat
+
+            message << "\n        " \
+              "Called from: #{caller[0]}."
+
+            warn message
+          end
+        end
+      end
+
+      private
+
+      def unpacked_cookie_data(request)
+        request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
+          bin_session_data = nil
+
+          if (session_data = request.cookies[@key])
+            if @secrets.any?
+              if session_data =~ /\A([^.*]+)\.([^.*]+)\z/
+                session_data, digest = Regexp.last_match.captures
+                bin_session_data = Base64.decode(session_data)
+                bin_session_data = nil unless digest_match?(bin_session_data, digest)
+              end
+            else
+              bin_session_data = Base64.decode(session_data)
+            end
+          end
+
+          request.set_header(k, coder.decode(bin_session_data) || {})
+        end
+      end
+
+      def write_session(req, session_id, session, options)
+        session = session.merge('session_id'=>session_id)
+        bin_session_data = coder.encode(session)
+        session_data = Base64.encode(bin_session_data)
+
+        if @secrets.any?
+          session_data << '.' << generate_hmac(bin_session_data, @secrets.first)
+        end
+
+        session_data
+      end
+
+      def generate_hmac(data, secret)
+        Base64.encode(OpenSSL::HMAC.digest(@hmac.new, secret, data))
+      end
+    end
+  end
+end

data/lib/rack/session/smart_cookie/version.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: false
+begin
+  require 'rack/session/cookie'
+rescue LoadError
+end
+
+module Rack
+  module Session
+    # Stub out a parent class so gemspec can get the version from this file.
+    Cookie = Class.new unless defined?(Cookie)
+
+    class SmartCookie < Cookie
+      VERSION = '0.1.0'.freeze
+    end
+  end
+end

data/rack-session-smart_cookie.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack/session/smart_cookie/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'rack-session-smart_cookie'
+  spec.version       = Rack::Session::SmartCookie::VERSION
+  spec.authors       = ['Mike Pastore']
+  spec.email         = ['mike@oobak.org']
+
+  spec.summary       = %q{Slighty smarter session cookies for Rack apps}
+  spec.homepage      = 'https://github.com/mwpastore/rack-session-smart_cookie#readme'
+  spec.license       = 'MIT'
+
+  spec.files         = %x{git ls-files -z}.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = %w[lib]
+
+  spec.required_ruby_version = '>= 2.2.8'
+
+  spec.add_dependency 'msgpack', '~> 1.1'
+  spec.add_dependency 'rack', ENV.fetch('RACK_VERSION', '~> 2.0.0')
+
+  spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'hobby', '~> 0.1.0'
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'rack-test', '~> 0.7.0'
+  spec.add_development_dependency 'rake', '~> 12.0'
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: rack-session-smart_cookie
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mike Pastore
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-11-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: msgpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: hobby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+description: 
+email:
+- mike@oobak.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/rack-session-smart_cookie.rb
+- lib/rack/session/smart_cookie.rb
+- lib/rack/session/smart_cookie/version.rb
+- rack-session-smart_cookie.gemspec
+homepage: https://github.com/mwpastore/rack-session-smart_cookie#readme
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.8
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Slighty smarter session cookies for Rack apps
+test_files: []