Encryption of _forum_session cookie


(AP) #1

I want to check whether a user is logged in from a different app (nodejs) running on the same server and domain (but different subdomain). I can access the _forum_session cookie but it is encrypted. I have tried the following script, but the cookie seems to have a different length:

So my question would be:

How can I decrypt the _forum_session cookie?


(Jens Maier) #2

If you just want to check if the user is logged in, grab the session token from the _t cookie (it’s not encrypted since it’s just a token) and look it up in Discourse’s database:

SELECT id FROM users WHERE auth_token = '#{token}'
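
The lookup from the post above, done from Node.js with the `_t` value passed as a bound parameter rather than interpolated into the SQL string. This is an added example, not part of the original post and not Discourse's own code; the function names, the `db` client shape (node-postgres style `query(text, values)`), the length bound and the sample token are assumptions.

```javascript
// Added example: not Discourse code. `db` is any client exposing
// query(text, values) -> Promise<{ rows }> (the node-postgres shape).

const MAX_TOKEN_LENGTH = 256; // assumed sanity bound, not a Discourse constant

// Pull the raw `_t` value out of a Cookie request header, or return null.
function extractAuthToken(cookieHeader) {
  if (typeof cookieHeader !== 'string') return null;
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== '_t') continue;
    let value = part.slice(eq + 1).trim();
    try {
      value = decodeURIComponent(value);
    } catch (err) {
      return null; // malformed percent-encoding: treat as not logged in
    }
    if (value.length === 0 || value.length > MAX_TOKEN_LENGTH) return null;
    return value;
  }
  return null;
}

// The token travels as a bound parameter ($1), never inside the SQL text.
function buildLookup(token) {
  return { text: 'SELECT id FROM users WHERE auth_token = $1', values: [token] };
}

// Resolve to the user's id, or null when there is no valid session.
async function findLoggedInUserId(db, cookieHeader) {
  const token = extractAuthToken(cookieHeader);
  if (token === null) return null;
  const { text, values } = buildLookup(token);
  const { rows } = await db.query(text, values);
  return rows.length === 1 ? rows[0].id : null;
}

// Constructed sample data and a stand-in for the database client.
const SAMPLE_TOKEN = '0123456789abcdef0123456789abcdef';
const fakeDb = {
  calls: [],
  async query(text, values) {
    this.calls.push({ text, values });
    return { rows: values[0] === SAMPLE_TOKEN ? [{ id: 42 }] : [] };
  },
};
```

With a real client, pass a `pg` pool as `db` and `req.headers.cookie` as the header; a `null` result means the request carries no session that matches a user row.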

(AP) #3

Thanks, that’s just what I was looking for! Works perfectly!


Setting the session token '_t' on the entire domain, not just my subdomain
(Régis Hanol) #4