I am trying to have shared cookies between Rails 3 and Rails 4.1 apps. The problem is that the Rails 3 cookies are just base64 encoded, but the Rails 4.1 cookies are encrypted.

Is there any way to make both Rails 3 and Rails 4.1 make to use compatible cookies?

For now the most easy way seems to downgrade to Rails 4.0

To get this working unset secret_key_base and instead use the same secret_token that you use in your Rails 3 app. Then the trick is to also set action_dispatch.cookies_serializer = :marshal. Otherwise Rails 4 stored the cookie in a format Rails 3 cannot read.

So my final config/initializers/session_store.rb has

Rails.application.config.action_dispatch.cookies_serializer = :marshal
Rails.application.config.secret_token = 'verylongstring'

Have you tried unsetting secret_key_base and setting secret_token to the same value you're using in your Rails 3 app? This might not work, but I don't see anything in the 4.1 upgrade guide to suggest it wouldn't.

If that doesn't work, the options I can think of:

1. Switch to a different session store (Memcached, ActiveRecord, whatever). Not ideal, since it means more infrastructure, but it should work.
2. Write your own cookie middleware. If you really need to share cookie information between multiple applications, this is your best long term solution. Don't depend on the pre-built Rails stuff, since (as you've found) that's hard to keep in sync. Write your own Rack middleware that's portable and does exactly what you need.