by tptacek
4909 days ago
Make sure your session secret is a long random string (it might be tempting, if you're passing it in through the environment, to make it shorter or readable). It's an HMAC key that anyone who can get a session from your application can dictionary.
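An added example, not part of the comment above: generating a long random session secret, plus an audit check that shows why a short readable one fails once someone holds a single signed session. The HMAC-SHA256 signing scheme, the function names, the sample payload and the candidate list are all assumptions made for illustration, not any particular framework's cookie format.

```python
import hashlib
import hmac
import secrets


def sign(payload: bytes, secret: bytes) -> str:
    """HMAC-SHA256 tag over the session payload (assumed cookie scheme)."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def new_session_secret(nbytes: int = 64) -> str:
    """Long random secret from the OS CSPRNG, hex-encoded so it fits an env var."""
    return secrets.token_hex(nbytes)


def secret_is_guessable(payload: bytes, tag: str, candidates) -> bool:
    """Audit check: does any candidate key reproduce the tag on a real session?

    The check needs only the payload and its tag, both of which are in the
    cookie itself, so a True result means the secret must be rotated.
    """
    for cand in candidates:
        if hmac.compare_digest(sign(payload, cand.encode()), tag):
            return True
    return False


# Constructed sample data (not from the original comment).
SAMPLE_PAYLOAD = b'{"user_id": 42}'
WEAK_CANDIDATES = ["secret", "changeme", "myapp-dev", "session_secret"]


def demo():
    # A readable secret is matched by the candidate list; a random one is not.
    weak_tag = sign(SAMPLE_PAYLOAD, b"changeme")
    strong = new_session_secret()
    strong_tag = sign(SAMPLE_PAYLOAD, strong.encode())
    return (
        secret_is_guessable(SAMPLE_PAYLOAD, weak_tag, WEAK_CANDIDATES),
        secret_is_guessable(SAMPLE_PAYLOAD, strong_tag, WEAK_CANDIDATES),
        len(strong),
    )


if __name__ == "__main__":
    print(demo())
```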