Rooba
/
tornado
mirror of https://github.com/tornadoweb/tornado.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make it obvious to anyone reading copy-pasted example code that the cookie secret is not suitable for production use.

This commit is contained in:
Taylor Hughes 2012-08-31 23:46:56 -07:00
parent 3474d5f931
commit 764b443baa
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/sphinx/overview.rst
View File

@ -392,7 +392,7 @@ application settings as keyword arguments to your application:
application = tornado.web.Application([ application = tornado.web.Application([
(r"/", MainHandler), (r"/", MainHandler),
], cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=") ], cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__")
Signed cookies contain the encoded value of the cookie in addition to a Signed cookies contain the encoded value of the cookie in addition to a
timestamp and an `HMAC <http://en.wikipedia.org/wiki/HMAC>`_ signature. timestamp and an `HMAC <http://en.wikipedia.org/wiki/HMAC>`_ signature.
@ -451,7 +451,7 @@ specifying a nickname, which is then saved in a cookie:
application = tornado.web.Application([ application = tornado.web.Application([
(r"/", MainHandler), (r"/", MainHandler),
(r"/login", LoginHandler), (r"/login", LoginHandler),
], cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=") ], cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__")
You can require that the user be logged in using the `Python You can require that the user be logged in using the `Python
decorator <http://www.python.org/dev/peps/pep-0318/>`_ decorator <http://www.python.org/dev/peps/pep-0318/>`_
@ -469,7 +469,7 @@ rewritten:
self.write("Hello, " + name) self.write("Hello, " + name)
settings = { settings = {
"cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=", "cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
"login_url": "/login", "login_url": "/login",
} }
application = tornado.web.Application([ application = tornado.web.Application([
@ -510,7 +510,7 @@ include the application setting ``xsrf_cookies``:
:: ::
settings = { settings = {
"cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=", "cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
"login_url": "/login", "login_url": "/login",
"xsrf_cookies": True, "xsrf_cookies": True,
} }
@ -577,7 +577,7 @@ You can serve static files from Tornado by specifying the
settings = { settings = {
"static_path": os.path.join(os.path.dirname(__file__), "static"), "static_path": os.path.join(os.path.dirname(__file__), "static"),
"cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=", "cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
"login_url": "/login", "login_url": "/login",
"xsrf_cookies": True, "xsrf_cookies": True,
} }