#2414: Cookie secret must be defined in configuration
------------------------+---------------------------------------------------
Reporter: sanjiv | Owner: percious
Type: defect | Status: new
Priority: highest | Milestone: 2.1a3
Component: TurboGears | Version: 2.1a1
Severity: major | Keywords:
------------------------+---------------------------------------------------
The base_config.sa_auth.cookie_secret config key must be defined for app
security.
Presently the config system does not check for this resulting in default
cookie secret for all apps.
The error can be reproduced as follows:
1. Create two quickstart apps
2. Login to the first app as manager..
3. Without closing the browser window, stop the first app and start the
second app.
4. Refresh the page and the user remains logged on as manager in the
second app too.
This issue was reported and fixed in tg2.0.3 but was not back ported to
tg2.x branch.
Attached is the fix backported from tg2.0.3.
Sanjiv
--
Ticket URL: <http://trac.turbogears.org/ticket/2414>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
