i have a project with standard-tg authentication running with TG 2.2.
Accidentally i just found these lines in my app_cfg.py
# YOU MUST CHANGE THIS VALUE IN PRODUCTION TO SECURE YOUR APP
> base_config.sa_auth.cookie_secret = "ChangeME"
So i changed that string to something else. The curious thing is, that
afterwards i could not login with some of the existing users, but could
login with some others. Some efforts like deleting cookies or changing
passwords did not work. So i changed it again to "ChangeME" and now its
fine - well, actually not cause i want a secure app ;)
What does this cookie secret actually do? How can i change the secret
without breaking the authentication? Are there any restrictions for the
Thanks in advance.