Mercurial > kallithea
comparison production.ini @ 3961:c9ca7fa55b0d beta
Fill session cookie secret with random generated app_uuid.
By default this setup is much more secure since it uses
SignedCookies instead of plain ones
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Fri, 07 Jun 2013 19:23:20 +0200 |
| parents | 535be0731523 |
| children | 60900e877b31 8c11a295d131 |
comparison
equal
deleted
inserted
replaced
| 3959:e1a0fdaecf63 | 3961:c9ca7fa55b0d |
|---|---|
| 291 #beaker.session.type = cookie | 291 #beaker.session.type = cookie |
| 292 | 292 |
| 293 ## file based cookies (default) ## | 293 ## file based cookies (default) ## |
| 294 #beaker.session.type = file | 294 #beaker.session.type = file |
| 295 | 295 |
| 296 | |
| 297 beaker.session.key = rhodecode | 296 beaker.session.key = rhodecode |
| 298 ## secure cookie requires AES python libraries | 297 beaker.session.secret = ${app_instance_uuid} |
| 298 | |
| 299 ## Secure encrypted cookie. Requires AES and AES python libraries | |
| 300 ## you must disable beaker.session.secret to use this | |
| 299 #beaker.session.encrypt_key = <key_for_encryption> | 301 #beaker.session.encrypt_key = <key_for_encryption> |
| 300 #beaker.session.validate_key = <validation_key> | 302 #beaker.session.validate_key = <validation_key> |
| 301 | 303 |
| 302 ## sets session as invalid if it haven't been accessed for given amount of time | 304 ## sets session as invalid if it haven't been accessed for given amount of time |
| 303 beaker.session.timeout = 2592000 | 305 beaker.session.timeout = 2592000 |