New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make cookie_secret configurable #3373
Conversation
instead of random. The random cookie name meant that every time you restarted the notebook it would get a new key in the cookie for the same host, resulting in an ever-growing cookie full of obsolete data.
allows config to specify logins that survive across server instances (default behavior unchanged). Depends on PR ipython#3372
I suppose this replace #3372 ? |
No, it's separate, but it depends on it. |
I just re-read the title/description and now I know why you asked - I took them from the wrong commit. This should actually describe the PR now. |
cookie_secret = Bytes(b'', config=True, | ||
help="""The random bytes used to secure cookies. | ||
By default this is a new random number every time you start the Notebook. | ||
Set it to a value in a config file to enable logins to persist across server sessions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want to add a warning "do not shared config files with cookies secret in it" ?
Also we could make the cookie secret maybe in another file in the security folder, or elsewhere.
you configure a path, and if this path is set then server write a random key on it and is able to find it next time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note added
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, yes, config files are python file, you can read it from here... so merging away.
make cookie_secret configurable Allows config to specify logins that survive across server instances (default behavior unchanged). Add warning about not sharing config files with cookie secret.
make cookie_secret configurable Allows config to specify logins that survive across server instances (default behavior unchanged). Add warning about not sharing config files with cookie secret.
allows config to specify logins that survive across server instances (default behavior unchanged).
Depends on PR #3372