summaryrefslogtreecommitdiff
path: root/lib/migrations/20161201050312-support-email-signin.js
diff options
context:
space:
mode:
authorSheogorath2018-03-26 00:30:17 +0200
committerSheogorath2018-03-26 00:36:28 +0200
commit3599fb79b437fb758e799452a9ad335420787349 (patch)
tree96ef2cc7d5fd86b1b43d65fb87f496673cad0664 /lib/migrations/20161201050312-support-email-signin.js
parent57c47a65dde59d355fba702bc91c63eebcc2533c (diff)
Automatically generate a session secret if default is used
The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions