>>>>> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > a. No. It’s a Hex string with no prefix or encoding > b. No. There is no encoding of the key in the URL, otherwise it’ll be > insecure. CipherKey is used to decrypt the rememberMe cookie. > c. Yes
Thanks! (Actually, reading through the stuff you wrote above about "must be fixed", probably "b. Yes." also (I possibly confused things with the stuff in parentheses) I have to think about the best way to set the fixed value. I think maybe have it in ~/.m2/settings.xml and expand the value in shiro.ini files or default with the current behaviour when the maven property value is missing?
