Martin Grigorov created WICKET-5855:
---------------------------------------
Summary: RememberMe functionality seems to be broken after the
change of the default crypt factory
Key: WICKET-5855
URL: https://issues.apache.org/jira/browse/WICKET-5855
Project: Wicket
Issue Type: Bug
Components: wicket-auth-roles
Affects Versions: 6.19.0, 7.0.0-M5
Reporter: Martin Grigorov
The fix for CVE-2014-7808 seems to break the "rememberMe" functionality in
wicket-auth-roles.
DefaultAuthenticationStrategy uses the crypt factory to encrypt the user
credentials. After restart of the application a new crypt factory is created
with a new secret key. Now it is not possible to decrypt the saved credentials.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
