Mercurial > kallithea
comparison production.ini @ 3961:c9ca7fa55b0d beta
Fill session cookie secret with random generated app_uuid.
By default this setup is much more secure since it uses
SignedCookies instead of plain ones
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Fri, 07 Jun 2013 19:23:20 +0200 |
parents | 535be0731523 |
children | 60900e877b31 8c11a295d131 |
comparison
equal
deleted
inserted
replaced
3959:e1a0fdaecf63 | 3961:c9ca7fa55b0d |
---|---|
291 #beaker.session.type = cookie | 291 #beaker.session.type = cookie |
292 | 292 |
293 ## file based cookies (default) ## | 293 ## file based cookies (default) ## |
294 #beaker.session.type = file | 294 #beaker.session.type = file |
295 | 295 |
296 | |
297 beaker.session.key = rhodecode | 296 beaker.session.key = rhodecode |
298 ## secure cookie requires AES python libraries | 297 beaker.session.secret = ${app_instance_uuid} |
298 | |
299 ## Secure encrypted cookie. Requires AES and AES python libraries | |
300 ## you must disable beaker.session.secret to use this | |
299 #beaker.session.encrypt_key = <key_for_encryption> | 301 #beaker.session.encrypt_key = <key_for_encryption> |
300 #beaker.session.validate_key = <validation_key> | 302 #beaker.session.validate_key = <validation_key> |
301 | 303 |
302 ## sets session as invalid if it haven't been accessed for given amount of time | 304 ## sets session as invalid if it haven't been accessed for given amount of time |
303 beaker.session.timeout = 2592000 | 305 beaker.session.timeout = 2592000 |