Comments (6)
It's hard to tell without more information, but my best guess is that you're running out of entropy for your random number generator. Does the problem persist if you switch to the memory-store?
from ring.
I was unable to reproduce the issue with the default memory story.
from ring.
That very strongly indicates that you're running out of entropy in your system, then. When it runs out, the process blocks until it can gather enough entropy to securely encrypt the cookie.
from ring.
Sounds good, nothing you can do about then. Do you have any recommendations for what I could look into to potentially avoid bumping into this or improve the situation?
from ring.
It really depends on your operating system. My experience with production systems is that the amount of network I/O provides sufficient entropy that this isn't an issue, but YMMV.
It's also possible that the cookie middleware might be using more entropy than it needs, but if so, I'm not smart enough to spot it in the code. :)
from ring.
Great, thanks for the explanation. Appreciate you looking into this.
from ring.
Related Issues (20)
- function ring.util.response/file-response doesn't work with opt. :root like "C:\\" in Windows
- `wrap-nested-params` does not parse `query-params` to produce a nested structure. HOT 3
- Callback after response transmission HOT 2
- ring.util.response/resource-response triggers JDK bug and leaks file descriptors HOT 2
- Consider adding data_readers for clj-time or coercing to timestamp HOT 1
- URL path causes exception in resource middleware HOT 3
- Broken link on https://github.com/ring-clojure/ring/wiki/Creating-responses HOT 2
- Prevent compilation-time jetty log initialization HOT 6
- request: How to register wasm mime on clojure ring server? HOT 2
- Ring Jetty Adapter attempts to handle requests that have already been handled HOT 6
- Release new version of ring-jetty-adapter to avoid CVE-2022-2191 HOT 1
- ring-jetty and timeouts HOT 5
- Can ring use the latest version of Jetty - 9.4.49.v20220914 HOT 1
- upgrade of Apache Commons FileUpload to 1.5 HOT 13
- Websocket support HOT 1
- The AES / CBC algorithm used in the cookie session store _might_ be insecure HOT 3
- Attributes in the `Set-Cookie` header are formatted incorrectly HOT 1
- How to measure time that it takes to complete a request? HOT 2
- Documentation for cookies HOT 2
- How to change UriCompliance mode HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ring.