I'd like to access the cookies from an external app from merb but use the cookies to verify the user who sends the request to the external app.
The example code is here: http://pastie.org/778601
This looks fairly straightforward to me so I'm not quite sure why it isn't working. Obviously you'll need to replace the session_secret_key and goodcookie with something that is not fake to test. Am I completely missing something? It seems we just compare our digests and if they match then we are good -- if not someone has tried to change a value in the cookie.
I more or less ripped all this code from http://github.com/merb/merb/blob/master/merb-core/lib/merb-core/dispatch/session/cookie.rb
Anyone know what I'm doing wrong here?