@hackage / wai-secure-cookies

WAI middleware to automatically encrypt and sign cookies

Latest0.1.0.8

About

Metadata

  • Last updated , by alaminium
  • License MIT
  • Categories Web Development

  • Maintained by: ha.alamin@gmail.com

  • Lottery factor: 0

Links

Installation

Package Flags

Use the -f option with cabal commands to enable flags

    cryptonite (off by default)

    Enable use of cryptonite, instead of crypton fork

Readme

wai-secure-cookies

I extracted a WAI middleware to automatically encrypt and sign cookies.

WARNING

I am not a cryptographer, and the crypto libraries in Haskell are not nearly as easy to use as what I'm used to in Ruby, so I wouldn't depend on this for a serious project until it's had some proper eyes on it.

Usage

Populate the following environment variables in your WAI application process:

WAI_COOKIE_VALIDATION_KEY # key to sign cookie names and values
WAI_COOKIE_ENCRYPTION_KEY # key to encrypt cookie names and values

You can generate random keys with waicookie-genkey:

waicookie-genkey <key type> ...
key types: encryption
           validation