[Radiant] Possibly-dumb cookie question

Tue, 03 Jun 2008 10:15:36 -0700 

From 0.6.7's environment.rb:

  # Your secret key for verifying cookie session data integrity.
  # If you change this key, all old sessions will become invalid!
  # Make sure the secret is at least 30 characters and all random,
  # no regular words or you'll be exposed to dictionary attacks.
  config.action_controller.session = {
    :session_key => '_radiant_session',
    :secret      => '...'
  }
I just checked, and :secret doesn't seem to be site-specific. So isn't that pretty much the same as: 

int getRandomNumber()
{
    return 4; // chosen by fair dice roll.
              // guaranteed to be random.
}

Jay
_______________________________________________
Radiant mailing list
Post:   Radiant@radiantcms.org
Search: http://radiantcms.org/mailing-list/search/
Site:   http://lists.radiantcms.org/mailman/listinfo/radiant

Reply via email to