Ticket #2414 (closed defect: fixed)
Cookie secret must be defined in configuration
Reported by: sanjiv | Owned by: percious
The base_config.sa_auth.cookie_secret config key must be defined for app security.
Presently the config system does not check for this, resulting in a default cookie secret for all apps.
The error can be reproduced as follows:
- Create two quickstart apps
- Log in to the first app as manager.
- Without closing the browser window, stop the first app and start the second app.
- Refresh the page and the user remains logged on as manager in the second app too.
This issue was reported and fixed in tg2.0.3 but was not backported to the tg2.x branch.
Attached is the fix backported from tg2.0.3.
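
A simplified model of the behaviour reported in this ticket, added here as an illustration and not taken from TurboGears or the attached fix: two apps that fall back to the same default signing secret accept each other's auth cookies, and a strict configuration check refuses to start without `cookie_secret`. The cookie format, the function names and the `DEFAULT_SECRET` value are assumptions made for the example.

```python
import hashlib
import hmac

DEFAULT_SECRET = "constructed-default-secret"  # constructed stand-in for a shared default


class ConfigurationError(Exception):
    pass


def resolve_cookie_secret(sa_auth, strict):
    """Return the signing secret; strict mode refuses to fall back to a default."""
    secret = sa_auth.get("cookie_secret")
    if secret:
        return secret
    if strict:
        raise ConfigurationError("base_config.sa_auth.cookie_secret must be defined")
    return DEFAULT_SECRET  # the unchecked behaviour described in the ticket


def sign_cookie(secret, userid):
    """Issue 'userid!mac' where mac = HMAC-SHA256(secret, userid)."""
    mac = hmac.new(secret.encode(), userid.encode(), hashlib.sha256).hexdigest()
    return f"{userid}!{mac}"


def verify_cookie(secret, cookie):
    """Return the userid if the MAC checks out under this secret, else None."""
    userid, sep, mac = cookie.rpartition("!")
    if not sep:
        return None
    expected = hmac.new(secret.encode(), userid.encode(), hashlib.sha256).hexdigest()
    return userid if hmac.compare_digest(mac, expected) else None


def cross_app_login(app1_sa_auth, app2_sa_auth, strict=False):
    """Log in as 'manager' on app 1, then present that cookie to app 2."""
    cookie = sign_cookie(resolve_cookie_secret(app1_sa_auth, strict), "manager")
    return verify_cookie(resolve_cookie_secret(app2_sa_auth, strict), cookie)


if __name__ == "__main__":
    # Two apps with no cookie_secret configured: app 2 accepts app 1's cookie.
    print(cross_app_login({}, {}))
    # Distinct per-app secrets (constructed values): app 2 rejects the cookie.
    print(cross_app_login({"cookie_secret": "app-one"}, {"cookie_secret": "app-two"}))
```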