What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Browser retaining private key after logout when using encrypted formsAsked by imnresource on September 27, 2015 at 02:30 PM
My browser seems to be retaining the private key after I log out. This is in conflict with the Private Key Wizard upload popup which says "Your private key [...] will saved in your browser local storage until you logout JotForm". My browser seems to retain the private key until I clear my browsing history. I tested using Firefox 40.0.3 with windows XP and then tested again after being updated to Firefox 41.0. Here's what I did:
I logged into JotForm, selected my form, and clicked submissions.
I was prompted to upload my private key, and after I did so I got a message indicating that the key had been saved successfully. My (only) submission then showed up unencrypted.
I logged out of Jotform.
I logged back in to JotForm, selected the same form, and clicked submissions.
This time I was not prompted for my private key, and the submission showed up decrypted even though I had not re-uploaded my private key.
To further investigate what was going on I also did the following:
I logged out again and restarted my browser. When I logged back in I again was not prompted for my private key and the submission again showed up decrypted.
I logged out again and rebooted my computer. When I logged back in I again was not prompted for my private key and the submission again showed up decrypted.
I logged out again and deleted my browsing history. This time when I logged back in I was prompted for my private key and the form data could be seen encrypted behind the Private Key Wizard popup.
If I am not mistaken, this is because the key will also be stored in your browser's local storage. That will give you a convenience to where you don't need to upload the key every time you check your submissions.
Although, I do agree that there's something in the message (see screenshot below) that maybe confusing. It says "It will saved in your browser local storage until you logout JotForm..."
I presume that would mean that the private key will be cleared as soon as you logout to JotForm, is that how you have understood it?
You can learn more about the Encrypted forms here: http://www.jotform.com/help/344-What-are-Encrypted-Forms-and-how-to-use-them-as-expert
We'll wait for your response.
Yes, I took the message to mean the key would be cleared upon logout.It doesn't bother me that the key is retained by the browser after logout aside from the fact that the message says otherwise. Perhaps the message could be changed?
(There's also a grammar error in the message: "until you logout JotForm": appears to be missing the word "of". Not a big deal, but I mention this in case it's helpful.)
Thank you for updating us and for providing clarity on the details.
I have move your next suggestion on anohter thread here http://www.jotform.com/answers/672329
This way it can be address separately. We will attend to it shortly.