18F · jmhooper · Jun 30, 2023 · Jun 28, 2023 · Jun 28, 2023 · Jun 29, 2023
diff --git a/config/application.yml.default b/config/application.yml.default
@@ -316,7 +316,6 @@ service_provider_request_ttl_hours: 24
 session_check_delay: 30
 session_check_frequency: 30
 session_encryptor_alert_enabled: false
-session_encryptor_v3_enabled: true
 session_timeout_in_minutes: 15
 session_timeout_warning_seconds: 150
 session_total_duration_timeout_in_minutes: 720

diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
@@ -1,5 +1,4 @@
 require 'session_encryptor'
-require 'legacy_session_encryptor'
 
 APPLICATION_SESSION_COOKIE_KEY = '_identity_idp_session'.freeze
 

diff --git a/lib/identity_config.rb b/lib/identity_config.rb
@@ -432,7 +432,6 @@ def self.build_store(config_map)
     config.add(:session_check_frequency, type: :integer)
     config.add(:session_encryption_key, type: :string)
     config.add(:session_encryptor_alert_enabled, type: :boolean)
-    config.add(:session_encryptor_v3_enabled, type: :boolean)
     config.add(:session_timeout_in_minutes, type: :integer)
     config.add(:session_timeout_warning_seconds, type: :integer)
     config.add(:session_total_duration_timeout_in_minutes, type: :integer)

diff --git a/lib/legacy_session_encryptor.rb b/lib/legacy_session_encryptor.rb
diff --git a/lib/session_encryptor.rb b/lib/session_encryptor.rb
@@ -43,8 +43,6 @@ class SensitiveValueError < StandardError; end
   SENSITIVE_REGEX = %r{#{SENSITIVE_DEFAULT_FIELDS.join('|')}}i
 
   def load(value)
-    return LegacySessionEncryptor.new.load(value) if should_use_legacy_encryptor_for_read?(value)
-
     payload = MessagePack.unpack(value)
     ciphertext = payload[CIPHERTEXT_KEY]
     compressed = payload[COMPRESSED_KEY]
@@ -62,7 +60,6 @@ def load(value)
   end
 
   def dump(value)
-    return LegacySessionEncryptor.new.dump(value) if should_use_legacy_encryptor_for_write?
     value.deep_stringify_keys!
 
     kms_encrypt_pii!(value)
@@ -206,18 +203,10 @@ def alert_or_raise_if_contains_sensitive_keys!(hash)
     end
   end
 
-  def should_use_legacy_encryptor_for_read?(value)
-    value.start_with?(LegacySessionEncryptor::CIPHERTEXT_HEADER)
-  end
-
   def should_compress?(value)
     value.bytesize >= MINIMUM_COMPRESS_LIMIT
   end
 
-  def should_use_legacy_encryptor_for_write?
-    !IdentityConfig.store.session_encryptor_v3_enabled
-  end
-
   def session_encryption_key
     IdentityConfig.store.session_encryption_key
   end