struts-user mailing list archives

From Al Sutton <>
Subject Re: [s2] Whats the most strutsy way of doing....
Date Thu, 26 Jun 2008 14:53:19 GMT
The key(s) can be a single key per day/week/month. The date of the 
cookie generation can be included and the relevant key looked up.

The problem with MD5 is it's one way so I'd have to have either a search 
and match algorithm, or a database of MD5ed text to user mappings. With 
AES I can extract the user ID and a check that the password hasn't 
changed from the cookie itself by decrypting the cookie data.


Lukasz Lenart wrote:
> Hi,
> 2008/6/26 Al Sutton <>:
>> I was thinking more along the lines of encrypting the userId and password
>> hash using AES, store the value in the cookie, then if the cookie is
>> available during another session decrypt, check everything matches, and let
>> them back in.
> But you will have to store keys on the server side for future use,
> maybe simple MD5 plus some arbitrary text will be better?
> Regards
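
The scheme discussed in this message (user ID and password hash encrypted with AES, one key per day, generation date carried in the cookie for key lookup), as an added Java example that is not part of the original thread. The GCM mode, the cookie layout, the in-memory key map, the newline separator (user IDs are assumed not to contain one) and all class and method names are assumptions; the thread only says "AES".

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class RememberMeCookie {
    // Hypothetical in-memory key store: one AES key per cookie-generation date.
    static final Map<String, SecretKey> KEYS = new ConcurrentHashMap<>();

    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }

    static Cipher gcm(int mode, SecretKey key, byte[] iv, String date) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        c.updateAAD(date.getBytes(StandardCharsets.UTF_8)); // authenticate the clear-text date too
        return c;
    }

    // Cookie value: date.base64url(iv).base64url(ciphertext+tag)
    static String issue(String userId, String passwordHash, String date) throws Exception {
        SecretKey key = KEYS.computeIfAbsent(date, d -> new SecretKeySpec(random(16), "AES"));
        byte[] iv = random(12);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv, date)
                .doFinal((userId + "\n" + passwordHash).getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        return date + "." + b64.encodeToString(iv) + "." + b64.encodeToString(ct);
    }

    // Returns the user ID, or null if the cookie is forged, its key is gone, or the password changed.
    static String verify(String cookie, Map<String, String> currentHashes) {
        try {
            String[] p = cookie.split("\\.");
            Base64.Decoder b64 = Base64.getUrlDecoder();
            byte[] pt = gcm(Cipher.DECRYPT_MODE, KEYS.get(p[0]), b64.decode(p[1]), p[0]).doFinal(b64.decode(p[2]));
            String[] f = new String(pt, StandardCharsets.UTF_8).split("\n", 2);
            return f[1].equals(currentHashes.get(f[0])) ? f[0] : null;
        } catch (Exception e) {
            return null; // any parse, key-lookup or tag failure means "not logged in"
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> db = new ConcurrentHashMap<>(Map.of("al", "constructed-hash-1")); // constructed sample data
        String cookie = issue("al", db.get("al"), "2008-06-26");
        System.out.println("fresh cookie    -> " + verify(cookie, db));
        db.put("al", "constructed-hash-2"); // password changed after the cookie was issued
        System.out.println("after pw change -> " + verify(cookie, db));
    }
}
```

Removing a date's entry from `KEYS` invalidates every cookie issued on that day, which is what bounds the cookie lifetime in this sketch.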
