by pjungwir 4520 days ago
It is relevant to this:

> I . . . decoded _gist_session cookie (which is regular Rails Base64 encoded cookie)

In Rails 4 the session cookie is encrypted with a server-side secret, so the end user can't decipher it.

2 comments
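
The difference the parent comment points to, signed-only versus encrypted session cookies, as an added Ruby example (not code from the thread, from Rails, or from GitHub). It is a simplified stand-in: the secret, session contents, salt, iteration count, JSON serialization and all helper names are assumptions made for illustration.

```ruby
require 'base64'
require 'json'
require 'openssl'

# Constructed server-side secret and session data; neither comes from the thread.
SECRET  = 'constructed-server-side-secret'
SESSION = { 'user_id' => 42, 'csrf' => 'constructed-token' }

def hmac(data)
  OpenSSL::HMAC.hexdigest('SHA1', SECRET, data)
end

# Signed-only cookie, "<base64 payload>--<HMAC>": integrity but no confidentiality.
def signed_cookie(session)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{hmac(data)}"
end

# What any holder of the cookie can do without knowing SECRET.
def read_without_secret(cookie)
  JSON.parse(Base64.decode64(cookie.split('--').first))
rescue JSON::ParserError
  nil
end

# Encrypt-then-sign cookie: the payload is AES-256-CBC ciphertext under a key derived from SECRET.
def encrypted_cookie(session)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(SECRET, 'constructed salt', 1000, 32)
  iv = cipher.random_iv
  ct = cipher.update(JSON.generate(session)) + cipher.final
  data = Base64.strict_encode64("#{Base64.strict_encode64(ct)}--#{Base64.strict_encode64(iv)}")
  "#{data}--#{hmac(data)}"
end

# Constant-time string comparison, so the check does not leak how many bytes matched.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check for both formats: reject any cookie whose HMAC does not match.
def signature_valid?(cookie)
  data, digest = cookie.split('--', 2)
  !data.nil? && !digest.nil? && secure_eq(hmac(data), digest)
end
```

In both formats a modified payload fails `signature_valid?`; only the encrypted form also keeps the session contents from the cookie's holder, so anything placed in a signed-only session should be treated as visible to the client.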

Gist is indeed running Rails 4.
Isn't gist an entirely separate application from dotcom? My impression was gist is a Sinatra app, not Rails.