Closed Bug 871850 Opened 12 years ago Closed 12 years ago

Switch to encrypted cookie sessions for webpay

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P2)

Product:
Marketplace Graveyard
Component:
Payments/Refunds
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
2013-07-18

People

(Reporter: kumar, Assigned: kumar)

Details

Memcache is too unreliable [1] as a session store. We could use cookie sessions like zamboni (bug 860509) but it would be safer to encrypt webpay's cookie contents like bug 860954 to prevent any accidental leakage relating to billing IDs. [1] we've seen several memcache issues in dev and stage
Priority: -- → P2
For example: bug 865291 seems to have been caused by memcache filling up. A memcache failure should not destroy sessions.
Assignee: nobody → kumar.mcmillan
Target Milestone: --- → 2013-06-06
Target Milestone: 2013-06-06 → 2013-06-13
Target Milestone: 2013-06-13 → 2013-06-20
Target Milestone: 2013-06-20 → 2013-06-27
Target Milestone: 2013-06-27 → 2013-07-04
Target Milestone: 2013-07-04 → 2013-07-11
Target Milestone: 2013-07-11 → 2013-07-18
This landed on dev: https://github.com/mozilla/webpay/commit/a2d21d32221bd07e844c11dc2ae7b52072429b91
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.