Can't we just use application version by default?

On Fri, Oct 5, 2012 at 11:22 AM, Ulrich Stärk <[email protected]> wrote:
> On 05.10.2012 00:22, Howard Lewis Ship wrote:
> > On Thu, Oct 4, 2012 at 3:18 PM, Massimo Lusetti <[email protected]> wrote:
> >> On Thu, Oct 4, 2012 at 9:04 PM, Howard Lewis Ship <[email protected]> wrote:
> >>
> >>> Users will want to configure their private pass phrase using a newly
> >>> defined symbol. If left unconfigured, there will be a runtime error
> >>> logged (not an exception, just an error to encourage users to select a
> >>> private pass phrase).
> >>
> >> Why not generate a random string if not supplied?
> >> Doesn't it work better than the "DEFAULT" string?
> >
> > That would not work in a cluster; different servers in the cluster
> > would not be able to read each other's streams. Yes, usually, it's
> > based on sticky sessions, but even then, there's fail-over to
> > consider. Also, a server restart would not only lose client sessions,
> > but would generate a new random key, so any forms would become
> > unsubmittable even if they did not depend on server-side session
> > state.
>
> We could store a randomly generated key in the session for those requests
> where a session exists. If none exists use the default. I know, we are
> trying to store as little as possible inside the session, but the few
> bytes of the key shouldn't be a problem.
>
> Uli

--
Dmitry Gusev

AnjLab Team
http://anjlab.com
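
Added example, not part of the thread and not Tapestry's own code: the fail-over and restart problem Howard describes for a randomly generated key, next to a pass phrase that every node reads from configuration. It assumes the pass phrase keys an HMAC over form data held by the client; the `Node` class, the sample form string and the pass phrase value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PassPhraseDemo {
    /** Hypothetical stand-in for one server: signs and checks client-held form data. */
    static final class Node {
        private final SecretKeySpec key;
        Node(byte[] keyBytes) { key = new SecretKeySpec(keyBytes, "HmacSHA256"); }

        byte[] sign(String formData) throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return mac.doFinal(formData.getBytes(StandardCharsets.UTF_8));
        }

        boolean accepts(String formData, byte[] tag) throws Exception {
            // Constant-time comparison of the recomputed and submitted tags.
            return MessageDigest.isEqual(sign(formData), tag);
        }
    }

    static byte[] randomKey() {
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k);
        return k;
    }

    public static void main(String[] args) throws Exception {
        String form = "constructed-form-state"; // constructed sample input

        // Option 1: each JVM generates its own key at startup.
        Node a = new Node(randomKey());
        Node b = new Node(randomKey());          // another cluster member
        Node aRestarted = new Node(randomKey()); // same server after a restart
        byte[] tag = a.sign(form);
        System.out.println("random key, same node:     " + a.accepts(form, tag));
        System.out.println("random key, fail-over:     " + b.accepts(form, tag));
        System.out.println("random key, after restart: " + aRestarted.accepts(form, tag));

        // Option 2: every node reads the same configured pass phrase (constructed value).
        byte[] shared = "constructed-pass-phrase".getBytes(StandardCharsets.UTF_8);
        byte[] sharedTag = new Node(shared).sign(form);
        System.out.println("shared key, fail-over:     " + new Node(shared).accepts(form, sharedTag));
        // A modified form body is still rejected under the shared key.
        System.out.println("shared key, tampered form: " + new Node(shared).accepts(form + "x", sharedTag));
    }
}
```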
