Support secret rotation

[danp]

Rack::Session::Cookie supports an :old_secret which allows for graceful secret rotation without breaking existing sessions. Would be great if EncryptedCookie supported something similar.

cc @tmaher

[namelessjon]

👍

I almost implemented this when I wrote the fixes to the crypto, but in the end, didn't have the time.

[danp]

Cool, I might take a stab at it if I get time.

[mkristian]

+1

[tonytonyjan]

Alternative solution

It's built on top of Rack::Session::Cookie, and you can do this:

use Rack::Session::EncryptedCookie, secret: 'test2', old_secret: 'test'