How to set the cooki-secret in tornado

[happye...@gmail.com]

hi!
         I don' t know how to  set  the cookie_secret in tornado .Whether it is random or artificially set?
thank you to response my question~

[Lysander Trischler]

Hi,

> I don' t know how to set the cookie_secret in tornado .Whether
> it is random or artificially set?

you have to specify it yourself explicitly. Just pass it to the Application
constructor:

tornado.web.Application(…, cookie_secret="your_secret_here", …)

Please note, you have to use set_secure_cookie(…) instead of set_cookie(…) in
order to take effect.

For more information on the available settings see the documentation:
http://www.tornadoweb.org/en/stable/web.html#tornado.web.Application.settings

Regards,
Lyse

[A. Jesse Jiryu Davis]

A good source for a random cookie is:

>>> import uuid

>>> str(uuid.uuid4())

'69b5b473-07aa-4439-b928-362609a27496'

Do this once and put the string in a file somewhere secure. For example, if your Git repository is widely visible, you may want to keep the cookie secret out of there.

Secret cookies are useful for login cookies, for example, so consider the requirements for a login cookie. If you deployed multiple Tornado instances behind Nginx, they should all have the same cookie secret so that a login cookie generated on one of them is valid on all the others. Similarly, your application should load the same cookie secret every time it starts, so that a logged-in user is still logged in after a restart.

--
You received this message because you are subscribed to the Google Groups "Tornado Web Server" group.
To unsubscribe from this group and stop receiving emails from it, send an email to python-tornad...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[aliane abdelouahab]

hi

there is also the os.urandom(n) which is dependant on the os, and gives a good secret keys.