https://stackoverflow.com/questions/20820947
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianIt can be anything you want. Better if hard to catch or bruteforce. Same rules of password apply. It is currently generated with uuid.uuid4() if I remember correctly
Regenerating cookie_secret
-
22-09-2022 - |
Question
In the turbogears development.ini file, there's a value something like this:
cookie_secret = aabbccdd-eeff-0011-2233-445566778899
consisting of hexadecimal digits and dashes.
The same value is placed in beaker.session.secret and beaker.session.validate_key.
http://turbogears.org/2.0/docs/main/Config.html has a section on this value:
The beaker.session.secret key of the base_config object contains the secret used to store user sessions. Pylons automatically generates a random secret for you when you create a project. If an attacker gets his hands on this key, he will be able to forge a valid session an use your application at though he was logged in. In the event of a security breach, you can change this key to invalidate all user sessions.
What's the best way to generate a new key?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
