[Nitro] NASTY bug

Trans transfire at gmail.com
Fri Nov 9 07:41:54 EST 2007

On Nov 9, 3:54 am, "George Moschovitis" <george.moschovi... at gmail.com>
> Dear devs,
> I am trying to find a nasty bug in
> lib/raw/context/session/cookie.rb
> this file implements a cookie based session store, ie the session data is
> serialized to/from a cookie.
> for security we store both the serialized session data and an encrypted
> version of it (called diggest).
> when deserializing we check the raw data against the diggest to find out if
> the user has tampered the data.
> this scheme works 90%. But some times (seemingly random) the diggest check
> fails (ie  crypt(data) != diggest)
> for no apparent reason.
> I would like to really ask everyone on this list with some free time to have
> a look at the code and help me track down
> this nasty bug.

Ad you busting the 4K size limit?


More information about the Nitro-general mailing list