Hi all,

I’m using Dancer::Session::Cookie and facing a bit of a conundrum with the 
session_cookie_key setup in the config file.

As we all know it’s not recommended to include live secrets in a git 
repository, so I’m attempting to create the session_cookie_key dynamically upon 
Dancer startup (documented here: 
https://metacpan.org/pod/Dancer::Config#SETTINGS), as follows:

use Dancer;
set session_cookie_key => crypto_nonce(20);

...

dance;

where crypto_nonce() is a cryptographically strong nonce generator (this 
approach happens to work for this particular app, because it’s an 
admin/dashboard panel with a small number of infrequent users, and it runs 
on a single machine).

I try to run the app, and get the following error:
The setting session_cookie_key must be defined at 
/home/hermann/perl5/perlbrew/perls/perl-5.26.2/lib/site_perl/5.26.2/Dancer/Session/Cookie.pm
 line 38

So I add the following to environments/production.yml:
session_cookie_key : "1"

Try to run the app again, and not unexpectedly, I end up with 
session_cookie_key = 1.

I can work around the problem by adding a hook:

hook 'before' => sub {
  if ( length(config->{'session_cookie_key'}) < 5 ) {
    set session_cookie_key => crypto_nonce(20);
  }
  ...
};

I’m wondering if there’s a more elegant way to accomplish what I’m trying to do?

Thanks in advance!

Hermann
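
Added example, not part of the original post and not code from the Dancer project: one way to keep session_cookie_key out of the repository while letting it survive restarts is to load it from a key file outside the checkout, creating that file on first start. The path, the SESSION_KEY_FILE variable and load_or_create_key() are hypothetical, and the sketch assumes the session engine is selected in code after the key is set rather than through a session: cookie line in the YAML files.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Dancer;

# Hypothetical location outside the git checkout; adjust for the deployment.
my $KEY_FILE  = $ENV{SESSION_KEY_FILE} || '/etc/myapp/session_cookie_key';
my $KEY_BYTES = 32;    # 32 random bytes, stored as 64 hex characters

# Return the key stored in $path, creating it from /dev/urandom on first run.
sub load_or_create_key {
    my ($path) = @_;

    # O_EXCL makes creation atomic: only one process ever writes the file,
    # and it never exists with permissions wider than 0600.
    if ( sysopen( my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0600 ) ) {
        open( my $rng, '<:raw', '/dev/urandom' ) or die "urandom: $!";
        my $got = read( $rng, my $raw, $KEY_BYTES );
        die "short read from /dev/urandom"
            unless defined $got && $got == $KEY_BYTES;
        print {$out} unpack( 'H*', $raw ), "\n";
        close($out) or die "cannot write $path: $!";
    }
    elsif ( !$!{EEXIST} ) {
        die "cannot create $path: $!";
    }

    open( my $in, '<', $path ) or die "cannot read $path: $!";
    my @st = stat($in);
    # Fail closed if the key file is readable or writable by anyone else.
    die "$path must not be accessible by group or others"
        if $st[2] & 077;
    chomp( my $key = <$in> // '' );
    # An empty or truncated file (e.g. an interrupted first run) is rejected.
    die "$path holds a key shorter than expected"
        if length($key) < 2 * $KEY_BYTES;
    return $key;
}

# Assumption: 'session: cookie' is not in the YAML files, so the engine
# is selected here, after the key setting exists.
set session_cookie_key => load_or_create_key($KEY_FILE);
set session            => 'cookie';

dance;
```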