Just after waking up this morning, I received a text from a friend that our submission form was failing. Each sign-up showed "Configuration Error."

Traced the message back to an XHR response. Examined the sessions that yielded that response to find an identical nonce in each.

We disabled caching for that form, refreshed the page, and BINGO! Unique nonce.

Moral of the story: Cache can be your best friend, or your morning misery manufacturer. Don't cache the nonce.

dark British humour / double entendre 


Very good advice with both meanings of this term (it also means sexual predator/offender in British slang). Letting one hide on your network in many countries also risks encountering a whole heap of serious trouble!

@vfrmedia Wow, I had no idea it had that double-meaning!

@jonathansampson someone should turn "Don't cache the nonce" into a song to the tune of "don't copy that floppy."

CC: @djsundog

@lattera I'm embarrassed to say that I've never heard Don't Copy the Floppy :) Sounds like a Jonathan Coulton song. Hehe. @djsundog

