i guess this is because we now use sessionid as the seed for the encryption of the urls
So when a session times out and that user makes another request to it we cant decrypt it anymore because another seed is used. I already changed the handling of that in trunk so that now a page expired is thrown when that happens. On Mon, Nov 17, 2008 at 5:21 AM, Andrew Berman <[EMAIL PROTECTED]> wrote: > I upgraded from 1.3.4 to 1.3.5 and now I am seeing this error all over the > place in my log files.. > > [ERROR] 21:44:24 CryptedUrlWebRequestCodingStrategy - Invalid URL: > > foo/?x=kSQEmQImbZiH47lvkBIVh0gnXDVDx7-UQqHufLUVx5IVu10xEJYI8UXQ2B0gQCTDdAzJ7rUByXI > org.apache.wicket.WicketRuntimeException: Unable to decrypt the text > '�$^D�^B&m���o�^R^U�H'\5Cǿ�B��|�^Uǒ^U�]1^P�^H�E��^] @$�t^L��^A�r' > at > > org.apache.wicket.util.crypt.AbstractCrypt.decryptByteArray(AbstractCrypt.java:145) > at > > org.apache.wicket.util.crypt.AbstractCrypt.decryptUrlSafe(AbstractCrypt.java:67) > at > > org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decodeURL(CryptedUrlWebRequestCodingStrategy.java:250) > at > > org.apache.wicket.protocol.http.request.CryptedUrlWebRequestCodingStrategy.decode(CryptedUrlWebRequestCodingStrategy.java:98) > at org.apache.wicket.Request.getRequestParameters(Request.java:171) > at org.apache.wicket.RequestCycle.step(RequestCycle.java:1233) > at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1353) > at org.apache.wicket.RequestCycle.request(RequestCycle.java:493) > at > org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:355) > at > org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124) > > Anyone have any ideas what in the world is causing the jibberish? I am > using JDK 6 and Wicket 1.3.5. > > Thanks, > > Andrew >
