Encrypted cookies #30

@tombruijn

Description

Save the session id encrypted in a cookie. This makes it difficult for potential hackers to modify cookie contents. They will still be able to see how the session id is generated in the gem's source code, but can't guess the sequence because the session id is encrypted.

We can use encrypted cookies as Rails does by adding the logic from the Rails encrypted CookieStore.

This uses the secret_token and secret_key_base values as saved in config/initializers/secret_token.rb for encryption.

This adds quite a bit more code to the code base and requires additional testing of course. I would copy most of the tests from the Rails test suite.


Whoever wants to pick this up is free to do so :)

Extracted from #23
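As an added illustration of the approach the issue describes (this is example code, not the gem's code and not the Rails implementation), the module below derives a key from the application secret with PBKDF2 and then encrypts the session id with AES-256-GCM, producing a `ciphertext--iv--tag` cookie value in the same shape Rails' encrypted CookieStore uses. Rails itself does this through `ActiveSupport::KeyGenerator` and `ActiveSupport::MessageEncryptor`; this version uses only the Ruby standard library so it runs without Rails. The module name, the salt string, the iteration count and the secret used in the demo are all constructed for the example.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical module (not part of the gem) mirroring the Rails encrypted
# cookie approach: PBKDF2 key derivation from secret_key_base, then
# authenticated encryption of the cookie payload.
module EncryptedSessionCookie
  CIPHER     = 'aes-256-gcm'
  SALT       = 'authenticated encrypted cookie' # constructed constant salt
  ITERATIONS = 1000                             # constructed for the example

  # Derive a 32-byte AES key from the application secret. In a real app the
  # secret is secret_key_base from the application's configuration.
  def self.derive_key(secret_key_base)
    OpenSSL::KDF.pbkdf2_hmac(secret_key_base, salt: SALT, iterations: ITERATIONS,
                             length: 32, hash: 'sha256')
  end

  # Encrypt the session id and return the cookie value "ct--iv--tag",
  # each part strict-base64 encoded (no '-' in the base64 alphabet, so the
  # "--" separator is unambiguous).
  def self.encrypt(session_id, secret_key_base)
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.encrypt
    cipher.key = derive_key(secret_key_base)
    iv = cipher.random_iv             # fresh 12-byte nonce per cookie
    cipher.auth_data = ''
    ciphertext = cipher.update(session_id) + cipher.final
    [ciphertext, iv, cipher.auth_tag].map { |part| [part].pack('m0') }.join('--')
  end

  # Return the session id, or nil when the cookie is malformed, was modified,
  # or was produced under a different secret (GCM tag check fails).
  def self.decrypt(cookie_value, secret_key_base)
    parts = cookie_value.to_s.split('--')
    return nil unless parts.length == 3
    ciphertext, iv, tag = parts.map { |p| p.unpack1('m0') }
    return nil unless iv.bytesize == 12 && tag.bytesize == 16
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.decrypt
    cipher.key = derive_key(secret_key_base)
    cipher.iv = iv
    cipher.auth_tag = tag             # must be set before update/final
    cipher.auth_data = ''
    cipher.update(ciphertext) + cipher.final
  rescue OpenSSL::Cipher::CipherError, ArgumentError
    nil
  end
end

if __FILE__ == $0
  secret = 'constructed-secret-key-base-for-demo-only'
  sid    = SecureRandom.hex(16)
  cookie = EncryptedSessionCookie.encrypt(sid, secret)
  puts "cookie:  #{cookie}"
  puts "decrypt: #{EncryptedSessionCookie.decrypt(cookie, secret)}"
  puts "tampered: #{EncryptedSessionCookie.decrypt(cookie.sub('--', 'x--'), secret).inspect}"
end
```

The point a reviewer would check is the tamper path: because the tag covers the ciphertext and the IV, any edit to the cookie, or a cookie minted under another secret, decrypts to `nil` rather than to a different session id, which is what makes the "can't modify the cookie contents" property hold. Rotating `secret_key_base` invalidates every existing session cookie, so a rotation plan is needed alongside this.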
