Sheogorath 3599fb79b4

Automatically generate a session secret if default is used ...

The session secret is used to sign and authenticate the session cookie
and this way very important for the authentication process.

By default the session secret is set to `secret` and never changes. This
commit will add a generator for a dynamic session secret if it stays
unchanged.

It prevents session hijacking this way and will warn the user about
the missing secret.

This also implies that on a restart without configured session secret
will log out all users. While it may seems annoying, it's for the users
best.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

2018-03-26 00:36:28 +02:00

..

default.js

Automatically generate a session secret if default is used

2018-03-26 00:36:28 +02:00

defaultSSL.js

fixed sslcapath bug

2017-12-05 12:06:10 +08:00

dockerSecret.js

Fix not passing app key correctly in dropbox config

2018-01-19 00:25:08 +08:00

enum.js

refactor(config.js): Extract config file

2017-05-08 19:29:07 +08:00

environment.js

Change config to camel case with backwards compatibility

2018-03-25 19:08:14 +02:00

index.js

Automatically generate a session secret if default is used

2018-03-26 00:36:28 +02:00

oldDefault.js

Change config to camel case with backwards compatibility

2018-03-25 19:08:14 +02:00

oldEnvironment.js

fix(config): ssl environment configs not parse properly

2017-05-08 20:41:38 +08:00

utils.js

Add helper function to fix number problems

2018-03-16 20:37:59 +01:00