3599fb79b4
The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
|---|---|---|
| .. | ||
| default.js | ||
| defaultSSL.js | ||
| dockerSecret.js | ||
| enum.js | ||
| environment.js | ||
| index.js | ||
| oldDefault.js | ||
| oldEnvironment.js | ||
| utils.js | ||