Our session cookie secret is public in the source code. This means cookies can be arbitrarily forged. Currently, this is not an issue as cookies don't contain sensitive data, but this could change in the future. Move this secret to a DB/config only file.
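
One way to do the move, as an added example that is not the project's own code: the signing key is read from a file kept outside the repository, rejected if it is group/other-readable or too short, and used for HMAC-SHA256 cookie signing. The file name, the `payload.tag` cookie format, the 32-byte minimum and the stand-in for the old committed secret are all assumptions, and the example assumes the key is regenerated when it is moved, since the old value stays public in the repository history.

```python
import hashlib
import hmac
import os
import secrets
import stat
import tempfile

MIN_SECRET_BYTES = 32  # assumed minimum length, not a value from the project


def load_secret(path):
    """Read the signing key from a file that is not part of the source tree."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        raise PermissionError(f"{path} has mode {mode:o}; expected 600 or stricter")
    with open(path, "rb") as fh:
        key = fh.read().strip()
    if len(key) < MIN_SECRET_BYTES:
        raise ValueError("session secret too short")
    return key


def sign(key, payload):
    """Return 'payload.tag' (hypothetical cookie format for this example)."""
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify(key, cookie):
    """Return the payload if the tag matches, else None (constant-time compare)."""
    payload, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload if hmac.compare_digest(tag.encode(), expected.encode()) else None


def demo():
    old_public = b"value-that-was-committed-to-the-repo"  # constructed stand-in
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "session_secret")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(secrets.token_hex(32).encode())  # fresh key, never committed
        os.chmod(path, 0o600)
        key = load_secret(path)
        forged = sign(old_public, "user=admin")  # signed with the leaked value
        genuine = sign(key, "user=alice")
        return verify(key, forged), verify(key, genuine)


if __name__ == "__main__":
    print(demo())
```

A cookie signed with the old committed value no longer verifies once the key has been regenerated, while one signed with the new key does.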