document [site].secret

author Tony Cook <tony@develop-help.com>

Fri, 16 Dec 2011 22:34:39 +0000 (09:34 +1100)

committer Tony Cook <tony@develop-help.com>

Fri, 16 Dec 2011 22:34:39 +0000 (09:34 +1100)
author Tony Cook <tony@develop-help.com>
Fri, 16 Dec 2011 22:34:39 +0000 (09:34 +1100)
committer Tony Cook <tony@develop-help.com>
Fri, 16 Dec 2011 22:34:39 +0000 (09:34 +1100)
diff --git a/Changes.txt b/Changes.txt

index 3f4171d1af7ce5102332a93c122d31f954ad6d9e..dd2ffea83d5b939c860c3eb8099b0e30716e3fce 100644 (file)
--- a/Changes.txt
+++ b/Changes.txt
@@ -36,6 +36,13 @@ Please read any NOTES below carefully.
   - passing a new session id between the SSL and non-SSL versions of
     the site is now validated.  RT #1279.
  
+   NOTE: This requires that [site].secret be set to a value specific
+   to your site.  Running:
+
+     openssl rand -base64 32
+
+   generates a suitable value.
+
   - delete the session data for a site users session when they logoff.
     As a side effect this will log out the admin user.
  
diff --git a/site/docs/config.pod b/site/docs/config.pod

index d1ff709c42f1989e7909c215e0f91903a2197536..59457383ad5f441a8969d874e7afa1a6e46de74f 100644 (file)
--- a/site/docs/config.pod
+++ b/site/docs/config.pod
@@ -61,6 +61,14 @@ against HTTP_X_FORWARDED_SERVER instead of SERVER_NAME.
  
  Default: no front-end server configured.
  
+=item secret
+
+A secret used (currently) for hashing cookie values passed between the
+secure and non-secure parts of the site.  This must be set.  A
+suitable value can be created with:
+
+  openssl rand -base64 32
+
  =back
  
  =head2 [paths]
author	Tony Cook <tony@develop-help.com>
	Fri, 16 Dec 2011 22:34:39 +0000 (09:34 +1100)
committer	Tony Cook <tony@develop-help.com>
	Fri, 16 Dec 2011 22:34:39 +0000 (09:34 +1100)
Changes.txt		patch \| blob \| blame \| history
site/docs/config.pod		patch \| blob \| blame \| history