id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
22638	Form wizard may raise unreasonable exceptions in case of SECRET_KEY change	Sasha Romijn	Sasha Romijn	"Our form wizard has two storage options: sessions and cookies, with `SessionWizardView` and `CookieWizardView`. To prevent manipulation, the cookie storage uses the signed cookies from `django.core.signing`. This creates a signature based on the `SECRET_KEY`. If the secret key is changed, `request.get_signed_cookie` will raise an exception, in which case the storage will raise `WizardViewCookieModified`, a subclass of `SuspiciousOperation`.

The cookie is loaded very early in the rendering of the form wizard view. This means that if a user starts a form wizard and the secret key is changed, any requests to the wizard will result in an exception and likely a 500 error. The user can only recover from this by deleting the cookie or restarting the browser (it seems to only persist in the current session).

It may appear sensible to raise a `SuspiciousOperation` for a possible cookie manipulation, but we currently don't do this in any other place, like sessions. Currently, users may suddenly get 500 errors for no clear reason, and the developer of the project has no ability to help them. Leaving this as is may also discourage people from rotating their secret key when needed.

I suggest that in case of an invalid wizard cookie, we simply ignore the value and thereby return the user to the first step."	Bug	closed	contrib.formtools	1.6	Normal	fixed		denis.cornehl@…	Ready for checkin	1	0	0	0	0	0
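The failure mode described in the ticket, shown as an added example that is not Django's code nor part of the ticket: a signed-cookie wizard storage whose signature is keyed on the secret key, loaded once with the key it was signed under and once after the key has been rotated. The `sign`/`unsign` helpers below are a stand-in built on the standard library's `hmac` (Django's real `django.core.signing` uses a salted HMAC and a timestamp, not reproduced here), and the names `load_wizard_state`, `WizardCookieModified` and the `strict` flag are assumptions for illustration. `strict=True` reproduces the behaviour the reporter describes (raise on a bad signature); `strict=False` implements the proposed fix (ignore the invalid cookie and return the user to the first step).

```python
import base64
import hashlib
import hmac
import json


class BadSignature(Exception):
    """Stand-in for django.core.signing.BadSignature (assumed name)."""


class WizardCookieModified(Exception):
    """Stand-in for the wizard's SuspiciousOperation subclass (assumed name)."""


def sign(value: str, secret_key: str) -> str:
    # Toy signed-cookie format: base64url(value):hex(HMAC-SHA256(secret_key, value)).
    # This is the example's own scheme, not Django's wire format.
    payload = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
    mac = hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def unsign(signed: str, secret_key: str) -> str:
    # Recompute the MAC under the *current* key; a rotated key or a tampered
    # payload both fail the constant-time comparison.
    payload, sep, mac = signed.rpartition(":")
    if not sep:
        raise BadSignature("malformed cookie")
    expected = hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise BadSignature("signature mismatch")
    padded = payload + "=" * (-len(payload) % 4)
    return base64.urlsafe_b64decode(padded).decode()


FIRST_STEP_STATE = {"step": "first", "data": {}}


def load_wizard_state(cookie, secret_key: str, strict: bool) -> dict:
    """Load the wizard's per-user state from its signed cookie.

    strict=True  -> the behaviour the ticket reports: an invalid signature raises
                    WizardCookieModified, which surfaces as a 500 to the user.
    strict=False -> the ticket's proposal: treat the cookie as absent and restart
                    the wizard at the first step.
    """
    if cookie is None:
        return dict(FIRST_STEP_STATE)
    try:
        payload = unsign(cookie, secret_key)
    except BadSignature:
        if strict:
            raise WizardCookieModified("wizard cookie signature is invalid")
        return dict(FIRST_STEP_STATE)
    return json.loads(payload)


def simulate_key_rotation(strict: bool) -> str:
    """Walk through the scenario from the ticket and report what the user sees."""
    old_key, new_key = "old-secret-key", "rotated-secret-key"  # constructed keys
    state = {"step": "address", "data": {"name": "Alice"}}    # constructed wizard state
    cookie = sign(json.dumps(state), old_key)
    # Before rotation the cookie round-trips cleanly.
    assert load_wizard_state(cookie, old_key, strict) == state
    # After rotation the same cookie no longer verifies.
    try:
        after = load_wizard_state(cookie, new_key, strict)
    except WizardCookieModified:
        return "500: WizardCookieModified"
    return f"reset to step {after['step']!r}"


if __name__ == "__main__":
    print("current behaviour:", simulate_key_rotation(strict=True))
    print("proposed behaviour:", simulate_key_rotation(strict=False))
```

A tampered cookie (the attack the signature is meant to stop) takes the same non-strict path as a rotated key: the value is discarded and the user restarts, which is no weaker than today, since the attacker never gets a forged state accepted either way.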
