ronin-web-session_cookie 0.1.0.rc1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4a7441de5e3e4323abf9dec2d8297fa8c82d9a0bf21963422bd0f0da0dde439b
+  data.tar.gz: fb8e7eee30b8d70ee587a6a12116d5297eb12ed99e799ae9a9a69ebd62f0f160
+SHA512:
+  metadata.gz: 44ebb5338c90ba587ad39f3c34c295f8697cebbbacc4fafc74725d23788ddb707c8d5e2e57f41f52987de67b823556c44b00ad99f320614177d9092cb1a40ec8
+  data.tar.gz: 66953042ebe54ea5c9ea736b5dca86c29ee7e22ecab52f09dc85ef0b2fb59c4b285e3f2024806a8970db3644b1346e7e34a8f3f4f8dc14807e11a0bbd14af9d7

data/.document

@@ -0,0 +1,4 @@
+lib/**/*.rb
+- 
+ChangeLog.md
+COPYING.txt

data/.github/workflows/ruby.yml

@@ -0,0 +1,43 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.0'
+          - '3.1'
+          - '3.2'
+          - '3.3'
+          - jruby
+          - truffleruby
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run tests
+        run: bundle exec rake test
+
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.gitignore

@@ -0,0 +1,13 @@
+/coverage
+/doc
+/pkg
+/man/*.[1-9]
+/vendor/bundle
+/Gemfile.lock
+/.bundle
+/.yardoc
+.DS_Store
+*.db
+*.log
+*.swp
+*~

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.rubocop.yml

@@ -0,0 +1,20 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+
+Naming/PredicateName:
+  Exclude:
+    - 'lib/ronin/web/session_cookie/cookie.rb'
+
+Security/MarshalLoad:
+  Exclude:
+    - 'lib/ronin/web/session_cookie/rack.rb'
+
+Style/NumericLiterals:
+  Exclude:
+    - 'spec/jwt_spec.rb'
+    - 'spec/django_spec.rb'

data/.ruby-version

@@ -0,0 +1 @@
+ruby-3.1

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title 'Ronin::Web::SessionCookie Documentation' --protected

data/COPYING.txt

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

data/ChangeLog.md

@@ -0,0 +1,13 @@
+### 0.1.0 / 2024-XX-XX
+
+* Initial release:
+  * Supports the following session cookie formats:
+    * [Rack][rack-session]
+    * [Django]
+    * [JSON Web Token (JWT)][JWT]
+  * Has 98% test coverage.
+  * Has 97% documentation coverage.
+
+[rack-session]: https://github.com/rack/rack-session
+[Django]: https://docs.djangoproject.com/en/4.1/topics/http/sessions/#using-cookie-based-sessions
+[JWT]: https://jwt.io

data/Gemfile

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'jruby-openssl', '~> 0.7', platform: :jruby
+
+# gem 'python-pickle', '~> 0.1', github: 'postmodern/python-pickle.rb',
+#                                branch: 'main'
+
+# Ronin dependencies
+# gem 'ronin-support',	'~> 1.1', github: "ronin-rb/ronin-support",
+#                                 branch: 'main'
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks',  '~> 0.2'
+
+  gem 'rspec',           '~> 3.0'
+  gem 'simplecov',       '~> 0.20'
+
+  gem 'kramdown',        '~> 2.0'
+  gem 'kramdown-man',    '~> 0.1'
+
+  gem 'redcarpet',       platform: :mri
+  gem 'yard',            '~> 0.9'
+  gem 'yard-spellcheck', require: false
+
+  gem 'dead_end',        require: false
+  gem 'sord',            require: false, platform: :mri
+  gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   require: false, platform: :mri
+end

data/README.md

@@ -0,0 +1,137 @@
+# ronin-web-session_cookie
+
+[![CI](https://github.com/ronin-rb/ronin-web-session_cookie/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-web-session_cookie/actions/workflows/ruby.yml)
+[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-web-session_cookie.svg)](https://codeclimate.com/github/ronin-rb/ronin-web-session_cookie)
+
+* [Website](https://ronin-rb.dev/)
+* [Source](https://github.com/ronin-rb/ronin-web-session_cookie)
+* [Issues](https://github.com/ronin-rb/ronin-web-session_cookie/issues)
+* [Documentation](https://ronin-rb.dev/docs/ronin-web-session_cookie/frames)
+* [Discord](https://discord.gg/6WAb3PsVX9) |
+  [Mastodon](https://infosec.exchange/@ronin_rb)
+
+## Description
+
+ronin-web-session_cookie is a library for parsing and deserializing various
+session cookie formats. It supports Rack, Django (JSON and Pickled), and JWT.
+
+## Features
+
+* Supports the following session cookie formats:
+  * [Rack][rack-session]
+  * [Django]
+  * [JSON Web Token (JWT)][JWT]
+* Has 98% test coverage.
+* Has 97% documentation coverage.
+
+## Examples
+
+Parse a [Rack][rack-session] session cookie:
+
+```ruby
+require 'ronin/web/session_cookie'
+
+Ronin::Web::SessionCookie.parse('rack.session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVG86HVJhY2s6OlNlc3Npb246OlNlc3Npb25JZAY6D0BwdWJsaWNfaWRJIkUyYWJkZTdkM2I0YTMxNDE5OThiYmMyYTE0YjFmMTZlNTNlMWMzYWJlYzhiYzc4ZjVhMGFlMGUwODJmMjJlZGIxBjsARkkiCWNzcmYGOwBGSSIxNHY1TmRCMGRVaklXdjhzR3J1b2ZhM2xwNHQyVGp5ZHptckQycjJRWXpIZz0GOwBGSSINdHJhY2tpbmcGOwBGewZJIhRIVFRQX1VTRVJfQUdFTlQGOwBUSSItOTkxNzUyMWYzN2M4ODJkNDIyMzhmYmI5Yzg4MzFmMWVmNTAwNGQyYwY7AEY%3D--02184e43850f38a46c8f22ffb49f7f22be58e272')
+# =>
+# #<Ronin::Web::SessionCookie::Rack:0x00007ff67455ee30
+#  @params=
+#   {"session_id"=>"2abde7d3b4a3141998bbc2a14b1f16e53e1c3abec8bc78f5a0ae0e082f22edb1",
+#    "csrf"=>"4v5NdB0dUjIWv8sGruofa3lp4t2TjydzmrD2r2QYzHg=",
+#    "tracking"=>{"HTTP_USER_AGENT"=>"9917521f37c882d42238fbb9c8831f1ef5004d2c"}}>
+```
+
+Parse a Django JSON session cookie:
+
+```ruby
+Ronin::Web::SessionCookie.parse('sessionid=eyJmb28iOiJiYXIifQ:1pQcTx:UufiSnuPIjNs7zOAJS0UpqnyvRt7KET7BVes0I8LYbA')
+# => 
+# #<Ronin::Web::SessionCookie::Django:0x00007f29bb9c6b70
+#  @hmac=
+#   "R\xE7\xE2J{\x8F\"3l\xEF3\x80%-\x14\xA6\xA9\xF2\xBD\e{(D\xFB\x05W\xAC\xD0\x8F\va\xB0",
+#  @params={"foo"=>"bar"},
+#  @salt=1676070425>
+```
+
+Parse a Django Pickled session cookie:
+
+```ruby
+Ronin::Web::SessionCookie.parse('sessionid=gAWVEAAAAAAAAAB9lIwDZm9vlIwDYmFylHMu:1pQcay:RjaK8DKN4xXQ_APIXXWEyFS08Q-PGo6UlRBFpedFk9M')
+# =>
+# #<Ronin::Web::SessionCookie::Django:0x00007f29b7aa6dc8
+#  @hmac=
+#   "F6\x8A\xF02\x8D\xE3\x15\xD0\xFC\x03\xC8]u\x84\xC8T\xB4\xF1\x0F\x8F\x1A\x8E\x94\x95\x10E\xA5\xE7E\x93\xD3",
+#  @params={"foo"=>"bar"},
+#  @salt=1676070860>
+```
+
+Parse a [JSON Web Token (JWT)][JWT] session cookie:
+
+```ruby
+Ronin::Web::SessionCookie.parse('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c')
+# =>
+# #<Ronin::Web::SessionCookie::JWT:0x00007f4e8ef0ff08
+#  @header={"alg"=>"HS256", "typ"=>"JWT"},
+#  @hmac=
+#   "I\xF9J\xC7\x04IH\xC7\x8A(]\x90O\x87\xF0\xA4\xC7\x89\x7F~\x8F:N\xB2%V\x9DB\xCB0\xE5",
+#  @params={"sub"=>"1234567890", "name"=>"John Doe", "iat"=>1516239022}>
+```
+
+## Requirements
+
+* [Ruby] >= 3.0.0
+* [ronin-support] ~> 1.0
+* [rack-session] ~> 1.0
+* [python-pickle] ~> 0.1
+
+## Install
+
+```shell
+$ gem install ronin-web-session_cookie
+```
+
+### Gemfile
+
+```ruby
+gem 'ronin-web-session_cookie', '~> 0.1'
+```
+
+### gemspec
+
+```ruby
+gem.add_dependency 'ronin-web-session_cookie', '~> 0.1'
+```
+
+## Development
+
+1. [Fork It!](https://github.com/ronin-rb/ronin-web-session_cookie/fork)
+2. Clone It!
+3. `cd ronin-web-session_cookie/`
+4. `bundle install`
+5. `git checkout -b my_feature`
+6. Code It!
+7. `bundle exec rake spec`
+8. `git push origin my_feature`
+
+## License
+
+Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+
+ronin-web-session_cookie is free software: you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+ronin-web-session_cookie is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with ronin-web-session_cookie.  If not, see <https://www.gnu.org/licenses/>.
+
+[Ruby]: https://www.ruby-lang.org
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
+[rack-session]: https://github.com/rack/rack-session
+[python-pickle]: https://github.com/postmodern/python-pickle#readme
+[Django]: https://docs.djangoproject.com/en/4.1/topics/http/sessions/#using-cookie-based-sessions
+[JWT]: https://jwt.io

data/Rakefile

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+
+begin
+  require 'bundler'
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install bundler` to install Bundler"
+  exit(-1)
+end
+
+begin
+  Bundler.setup(:development)
+rescue Bundler::BundlerError => e
+  warn e.message
+  warn "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+require 'rake'
+
+require 'rubygems/tasks'
+Gem::Tasks.new(sign: {checksum: true, pgp: true})
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new
+task :docs => :yard
+
+require 'kramdown/man/task'
+Kramdown::Man::Task.new

data/gemspec.yml

@@ -0,0 +1,29 @@
+name: ronin-web-session_cookie
+summary: A library for parsing and deserializing various session cookies.
+description: |
+  ronin-web-session_cookie is a library for parsing and deserializing various
+  session cookie formats. It supports Rack, Django, and JWT.
+
+license: LGPL-3.0
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://ronin-rb.dev/
+has_yard: true
+
+metadata:
+  documentation_uri: https://ronin-rb.dev/docs/ronin-web-session_cookie
+  source_code_uri:   https://github.com/ronin-rb/ronin-web-session_cookie
+  bug_tracker_uri:   https://github.com/ronin-rb/ronin-web-session_cookie/issues
+  changelog_uri:     https://github.com/ronin-rb/ronin-web-session_cookie/blob/main/ChangeLog.md
+  rubygems_mfa_required: 'true'
+
+required_ruby_version: ">= 3.0.0"
+
+dependencies:
+  # Ronin dependencies:
+  ronin-support: ~> 1.1.0.rc1
+  rack-session: ~> 1.0
+  python-pickle: ~> 0.1
+
+development_dependencies:
+  bundler: ~> 2.0

data/lib/ronin/web/session_cookie/cookie.rb

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-web-session_cookie is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-web-session_cookie is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-web-session_cookie.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module Web
+    module SessionCookie
+      #
+      # Base class for all session cookie classes.
+      #
+      class Cookie
+
+        include Enumerable
+
+        # Regular expression for a URI decoded Base64 blob.
+        STRICT_BASE64_REGEXP = %r{(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?|[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=}
+
+        # Regular expression for a URI escaped Base64 blob.
+        URI_ENCODED_BASE64_REGEXP = %r{(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}%3D%3D|[A-Za-z0-9+/]{3}%3D)?|[A-Za-z0-9+/]{2}%3D|[A-Za-z0-9+/]{3}%3D}
+
+        # Regular expression for a URL-safe encoded Base64 blob.
+        URL_SAFE_BASE64_REGEXP = /[A-Za-z0-9_-]{2,}/
+
+        # The cookie params.
+        #
+        # @return [Hash]
+        attr_reader :params
+
+        #
+        # Initializes the session cookie.
+        #
+        # @param [Hash] params
+        #   The parsed contents of the session cookie.
+        #
+        # @api private
+        #
+        def initialize(params)
+          @params = params
+        end
+
+        #
+        # Determines if the given string is a valid session cookie.
+        #
+        # @param [String] string
+        #
+        # @return [Boolean]
+        #
+        # @api public
+        #
+        # @abstract
+        #
+        def self.identify?(string)
+          raise(NotImplementedError,"#{self}.identify? was not implemented")
+        end
+
+        #
+        # Parses a session cookie value.
+        #
+        # @param [String] string
+        #
+        # @return [Cookie]
+        #
+        # @abstract
+        #
+        # @api public
+        #
+        def self.parse(string)
+          raise(NotImplementedError,"#{self}.parse was not implemented")
+        end
+
+        #
+        # Extracts and parses the session cookie from an HTTP response.
+        #
+        # @param [Net::HTTPResponse] response
+        #   The HTTP response object.
+        #
+        # @return [Cookie, nil]
+        #   The parsed session cookie or `nil` if no session cookie could be
+        #   detected.
+        #
+        # @abstract
+        #
+        # @api public
+        #
+        def self.extract(response)
+          raise(NotImplementedError,"#{self}.extract was not implemented")
+        end
+
+        #
+        # Determines if the session cookie contains the given param.
+        #
+        # @param [String] params
+        #
+        # @return [Boolean]
+        #
+        # @api public
+        #
+        def has_key?(params)
+          @params.has_key?(params)
+        end
+
+        #
+        # Returns the value for the given session cookie param.
+        #
+        # @param [String] key
+        #
+        # @return [Object, nil]
+        #
+        # @api public
+        #
+        def [](key)
+          @params[key]
+        end
+
+        #
+        # Enumerates over the params within the session cookie.
+        #
+        # @yield [key, value]
+        #
+        # @yieldparam [String] key
+        #
+        # @yieldparam [Object] value
+        #
+        # @return [Enumerator]
+        #
+        # @api public
+        #
+        def each(&block)
+          @params.each(&block)
+        end
+
+        #
+        # Converts the session cookie into a Hash.
+        #
+        # @return [Hash]
+        #
+        # @api public
+        #
+        def to_h
+          @params
+        end
+
+      end
+    end
+  end
+end