From a36f2c026562a6ee89b0ea64a67f0d4ef5c66f80 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Thu, 8 Sep 2016 14:33:50 +0200
Subject: [PATCH] Generate random session secret if none is supplied

---
 config.py.example | 1 +
 server.py         | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/config.py.example b/config.py.example
index eb145f3..81862a5 100644
--- a/config.py.example
+++ b/config.py.example
@@ -1,6 +1,7 @@
 # Defaults for development ,do not use in production!
 DEBUG = True
 VIDEOPREFIX = 'https://videoag.fsmpi.rwth-aachen.de'
+#SECRET_KEY = 'something random'
 
 DB_SCHEMA = 'db_schema.sql'
 DB_DATA = 'db_example.sql'
diff --git a/server.py b/server.py
index 0a3637c..ceccf64 100755
--- a/server.py
+++ b/server.py
@@ -31,6 +31,8 @@ if not sys.argv[0].endswith('run.py'):
 config.from_pyfile('config.py', silent=True)
 if config['DEBUG']:
 	app.jinja_env.auto_reload = True
+if not config.get('SECRET_KEY', None):
+	config['SECRET_KEY'] = os.urandom(24)
 
 from db import query, searchquery, ldapauth, ldapget, convert_timestamp
 
-- 
GitLab