Let the secret token be set in configuration.yml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9567 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2012-04-28 12:00:45 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2012-04-28 12:00:45 +0000
commit: bceaf8be94091ca331b820fdc68e4a3b10a831bd (patch)
tree: 48f7679c9e79dc9b5d1565f2ab24e2e8cd8270c7 /config/configuration.yml.example
parent: 52986e8cd1bba6ad1c4e3e78fe5f1d8d3eb5d44f (diff)
download: redmine-bceaf8be94091ca331b820fdc68e4a3b10a831bd.tar.gz
redmine-bceaf8be94091ca331b820fdc68e4a3b10a831bd.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index 9fefdde22..2224cd130 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -154,6 +154,15 @@ default:
   #
   #mirror_plugins_assets_on_startup: false
 
+  # Your secret key for verifying cookie session data integrity. If you
+  # change this key, all old sessions will become invalid! Make sure the
+  # secret is at least 30 characters and all random, no regular words or
+  # you'll be exposed to dictionary attacks.
+  #
+  # If you have a load-balancing Redmine cluster, you have to use the
+  # same secret token on each machine.
+  #secret_token: 'change it to a long random string'
+
 # specific configuration options for production environment
 # that overrides the default ones
 production:
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2012-04-28 12:00:45 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2012-04-28 12:00:45 +0000
commit	bceaf8be94091ca331b820fdc68e4a3b10a831bd (patch)
tree	48f7679c9e79dc9b5d1565f2ab24e2e8cd8270c7 /config/configuration.yml.example
parent	52986e8cd1bba6ad1c4e3e78fe5f1d8d3eb5d44f (diff)
download	redmine-bceaf8be94091ca331b820fdc68e4a3b10a831bd.tar.gz redmine-bceaf8be94091ca331b820fdc68e4a3b10a831bd.zip