- **status**: review --> closed
---
**[tickets:#8526] improve session cookie handling NEEDS CONFIG CHANGES**
**Status:** closed
**Milestone:** unreleased
**Labels:** security
**Created:** Wed Nov 15, 2023 07:48 PM UTC by Dave Brondsema
**Last Updated:** Thu Nov 16, 2023 11:05 PM UTC
- **status**: in-progress --> review
---
** [tickets:#8526] improve session cookie handling NEEDS CONFIG CHANGES**
**Status:** review
**Milestone:** unreleased
**Labels:** security
**Created:** Wed Nov 15, 2023 07:48 PM UTC by Dave Brondsema
**Last Updated:** Wed Nov 15, 2023 08:40 PM UTC
- **summary**: improve session cookie handling --> improve session cookie
handling NEEDS CONFIG CHANGES
- **Comment**:
for deployment/changelog:
- add `session.jwt_secret_keys` to .ini file, with a value `python -c 'import
secrets; print(secrets.token_hex());'`
- `session.type = cookie` is no
---
** [tickets:#8526] improve session cookie handling**
**Status:** in-progress
**Milestone:** unreleased
**Labels:** security
**Created:** Wed Nov 15, 2023 07:48 PM UTC by Dave Brondsema
**Last Updated:** Wed Nov 15, 2023 07:48 PM UTC
**Owner:** Dave Brondsema
Main thing is to move away