Hi,

I was going through the code and have a question. I saw that we are using the
hard-coded string `django.contrib.sessions` as the key salt to encode
session data
<https://github.com/django/django/blob/main/django/contrib/sessions/backends/base.py#L64>.

Why not use the secret key? As the secret key is specific to the environment
and project, it serves as a good candidate. Is it because the session data
does not contain any sensitive info (it only contains the user id and other
info), and that's why this decision was made?

Thanks & Regards,
Lokesh Sanpalli
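
An added example, not part of the original message and not Django's own code: a standard-library model of salted signing, in which a public salt and a secret key are combined to derive the HMAC key. The function names, the second salt and both secret values are constructed for illustration; only the `django.contrib.sessions` string comes from the message above.

```python
import hashlib
import hmac

SESSION_SALT = "django.contrib.sessions"       # the public, hard-coded salt from the question
OTHER_SALT = "example.password_reset"          # hypothetical salt for a second feature
SECRET_A = "constructed-secret-for-project-a"  # stands in for one project's SECRET_KEY
SECRET_B = "constructed-secret-for-project-b"  # stands in for another project's SECRET_KEY


def derive_key(key_salt: str, secret: str) -> bytes:
    """Derive a per-purpose HMAC key from the public salt and the secret."""
    return hashlib.sha256((key_salt + secret).encode()).digest()


def sign(value: str, key_salt: str, secret: str) -> str:
    """Return 'value:signature', keyed by both the salt and the secret."""
    mac = hmac.new(derive_key(key_salt, secret), value.encode(), hashlib.sha256)
    return f"{value}:{mac.hexdigest()}"


def verify(signed: str, key_salt: str, secret: str) -> bool:
    """Recompute the signature and compare in constant time."""
    value, sep, _ = signed.rpartition(":")
    if not sep:
        return False
    expected = sign(value, key_salt, secret)
    return hmac.compare_digest(signed.encode(), expected.encode())


def demo() -> dict:
    # Constructed session payload, signed with the session salt and project A's secret.
    token = sign('{"_auth_user_id": "42"}', SESSION_SALT, SECRET_A)
    return {
        "same salt, same secret": verify(token, SESSION_SALT, SECRET_A),
        "same salt, other secret": verify(token, SESSION_SALT, SECRET_B),
        "other salt, same secret": verify(token, OTHER_SALT, SECRET_A),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

In this model the salt only separates one use of the secret from another; knowing the salt without the secret does not let anyone produce a valid signature.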
