In Stripes 1.4 we used encryption keys that were specific to the
user's session. Starting with Stripes 1.5 we use (by default) a
single key for the application which will be able to decrypt values
across sessions (and if configured so, across restarts).
So the easiest solution is probably just to try out 1.5.
-t
On Jun 13, 2008, at 1:30 PM, Martin, Kent wrote:
When our users go to lunch in the middle of entering data on a
multi-page "form" (implemented as a Stripes wizard) and try to
finish when they return we get a Stripes runtime exception:
Stripes attmpted and failed to decrypt the non-null value in the
'fields present' field. Because this form submission is a wizard
this situation cannot be accepted as it could result in a security
problem. It is usually the result of either tampering with hidden
field values, or session expiration.
It appears our options are:
A. Display a page explaining an error occurred and have the user
start over.
B. Increase the session timeout setting to something like 2 hours
to make
session timeouts less likely to occur.
Neither of these options sound ideal. As our security is checked
again on the submission of the final page of the wizard I'm
wondering if we could recover without loosing the data the user has
entered and allow them to continue using the wizard from where they
left off. Is this possible or even desirable?
Thanks!
Kent
--------------------------
Kent W. Martin
Lead Programmer Analyst
THR Information Services
(817) 462-6086
The information contained in this message and any attachments is
intended only for the use of the individual or entity to which it
is addressed, and may contain information that is PRIVILEGED,
CONFIDENTIAL, and exempt from disclosure under applicable law. If
you are not the intended recipient, you are prohibited from
copying, distributing, or using the information. Please contact the
sender immediately by return e-mail and delete the original message
from your system.
----------------------------------------------------------------------
---
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/
index.php_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
