diff production.ini @ 3961:c9ca7fa55b0d beta

Fill the session cookie secret with the randomly generated app_uuid. By default this setup is much more secure, since it uses SignedCookies instead of plain ones
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 07 Jun 2013 19:23:20 +0200
parents 535be0731523
children 60900e877b31 8c11a295d131
--- a/production.ini	Fri Jun 07 00:21:45 2013 +0200
+++ b/production.ini	Fri Jun 07 19:23:20 2013 +0200
@@ -293,9 +293,11 @@
 ## file based cookies (default) ##
 #beaker.session.type = file
 
+beaker.session.key = rhodecode
+beaker.session.secret = ${app_instance_uuid}
 
-beaker.session.key = rhodecode
-## secure cookie requires AES python libraries
+## Secure encrypted cookie. Requires AES and AES python libraries
+## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
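Review bot: `beaker.session.secret = ${app_instance_uuid}` ties the cookie-signing key to the instance identifier, so the signature is only as secret as that identifier, and a value used to label an instance may also end up in logs, error reports or copied configs. The hunk also does not show that `${app_instance_uuid}` is expanded when this file is loaded directly; if production.ini is read as-is rather than rendered from a template, every install would sign with the same literal string, so that is worth confirming. I would keep the signing key as its own setting and document it above the line, e.g. `## long random value unique to this install; keep it out of version control and do not reuse app_instance_uuid`. The new comment on the encrypted-cookie option reads "Requires AES and AES python libraries", which looks like a slip for a second library name.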