The secret key is currently just "password123", a placeholder which was forgotten about. A new system which loads a secret key from a file untracked on VCS should be implemented.
This system should dynamically generate a secret key on startup and continue to use it to avoid interrupting the setup experience of the app. Secret keys must persist through multiple run times or else user cookies will be invalidated when the server restarts.
TheComputerNerd88
commented
6 months ago
The secret key is currently just "password123", a placeholder which was forgotten about. A new system which loads a secret key from a file untracked on VCS should be implemented.
This system should dynamically generate a secret key on startup and continue to use it to avoid interrupting the setup experience of the app. Secret keys must persist through multiple run times or else user cookies will be invalidated when the server restarts.