[ColdBox 3.8.1] establish cipher key in Coldbox.cfc

Is it okay to establish a cipher key in the Coldbox.cfc under the coldbox directives? My thinking is that when a user establishes a session, a unique cipher is created for them for the duration of said session. Is this true?

I have cipherKey = generateSecretKey("AES") in the coldbox directives section.

Any help is appreciated.

-CK

I’m not sure I’m entirely following what you’re doing, but remember that ColdBox settings are application-wide. If you are wanting to generate a key for each user, tie into the onSessionStart event handler or the sessionStart interception point and store the key in the session scope or the SessionStorage plugin.

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Brad,

Thank you. I have moved the user's cipher generator into the session storage, but it seems to be creating different encrypted string values for the user’s id even though the user’s cipher key stays the same.
I’ll keep working on it and post back my findings once it is solved.

You’d have to show us some code. Keep in mind that certain encryption algorithms can generate different outputs based on the same input if they incorporate a randomized salt.

Thanks!

~Brad

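
An added example, not code posted by anyone in this thread: a per-session AES key used to encrypt the same user id twice, once in the default ECB mode and once in CBC mode. It assumes Adobe ColdFusion's behaviour of generating a random IV and prepending it to the output when a block mode is used without an explicit IV; `sessionStore`, `newSessionKey()` and the sample id are hypothetical names and constructed values standing in for the session scope and an `onSessionStart` handler.

```cfml
<cfscript>
// Hypothetical stand-in for the session scope. In Application.cfc the same
// assignment would live in onSessionStart(), so each session gets its own
// key rather than one application-wide key.
sessionStore = {};

function newSessionKey() {
    // 128-bit AES key, returned Base64-encoded
    return generateSecretKey("AES");
}

sessionStore.cipherKey = newSessionKey();
userId = "12345"; // constructed sample value

// "AES" on its own means AES/ECB/PKCS5Padding: no IV is involved, so the
// same key and the same input always give the same ciphertext.
ecb1 = encrypt(userId, sessionStore.cipherKey, "AES", "Hex");
ecb2 = encrypt(userId, sessionStore.cipherKey, "AES", "Hex");

// CBC without an explicit IV (assumed behaviour, see lead-in): a fresh
// random IV is generated on every call and prepended to the ciphertext, so
// two calls with the same key and input differ.
cbc1 = encrypt(userId, sessionStore.cipherKey, "AES/CBC/PKCS5Padding", "Hex");
cbc2 = encrypt(userId, sessionStore.cipherKey, "AES/CBC/PKCS5Padding", "Hex");

// decrypt() reads the prepended IV back, so both CBC values recover the id.
plain1 = decrypt(cbc1, sessionStore.cipherKey, "AES/CBC/PKCS5Padding", "Hex");
plain2 = decrypt(cbc2, sessionStore.cipherKey, "AES/CBC/PKCS5Padding", "Hex");

writeOutput("ECB ciphertexts identical: " & (compare(ecb1, ecb2) EQ 0) & "<br>");
writeOutput("CBC ciphertexts identical: " & (compare(cbc1, cbc2) EQ 0) & "<br>");
writeOutput("CBC values decrypt to same id: " & (compare(plain1, plain2) EQ 0 AND compare(plain1, userId) EQ 0) & "<br>");
</cfscript>
```

When an encrypted id has to be matched later, decrypt it with the session's key and compare the plaintext instead of comparing ciphertext strings.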