[Radiant] Possibly-dumb cookie question
Jay Levitt
lists-radiant at shopwatch.org
Tue Jun 3 08:11:23 CDT 2008
From 0.6.7's environment.rb:
# Your secret key for verifying cookie session data integrity.
# If you change this key, all old sessions will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
config.action_controller.session = {
  :session_key => '_radiant_session',
  :secret => '...'
}
I just checked, and :secret doesn't seem to be site-specific. So isn't that
pretty much the same as:
int getRandomNumber()
{
    return 4; // chosen by fair dice roll.
              // guaranteed to be random.
}
Jay
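
Added example, not part of the original post and not Radiant's or Rails' own code: a simplified model of an HMAC-signed session cookie, showing why the secret must differ per site, plus a check that flags a shipped or too-short secret. All function names and the SHIPPED_DEFAULT_SECRET value are constructed for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Constructed placeholder for a secret that ships identically in every
# install. It is NOT Radiant's real value.
SHIPPED_DEFAULT_SECRET = 'example-default-secret-shipped-with-every-copy'

# Hex HMAC-SHA1 of the payload under the given secret.
def hmac_hex(payload, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
end

# Cookie value in the form "<payload>--<digest>".
def sign_cookie(payload, secret)
  "#{payload}--#{hmac_hex(payload, secret)}"
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the payload if its digest verifies under +secret+, otherwise nil.
def verify_cookie(cookie, secret)
  payload, sep, digest = cookie.rpartition('--')
  return nil if sep.empty?
  secure_compare(hmac_hex(payload, secret), digest) ? payload : nil
end

# Deployment check: list the reasons a configured secret is unsafe.
def secret_problems(secret, known_defaults = [SHIPPED_DEFAULT_SECRET])
  problems = []
  problems << 'matches a secret shipped with the software' if known_defaults.include?(secret)
  problems << 'shorter than 30 characters' if secret.length < 30
  problems
end

# Fresh per-site secret: 64 random bytes, hex-encoded (128 characters).
def generate_site_secret
  SecureRandom.hex(64)
end
```

With per-site secrets, a cookie signed for one install returns nil from verify_cookie at any other; when every install keeps the shipped value, the integrity check no longer distinguishes sites.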