Constantly changing Session IDs. #71

Closed
BurntNail opened this issue Jun 6, 2023 · 2 comments

Comments

@BurntNail

I'm pretty sure this is the right place to put this, but if not then feel free to tell me.

Like the examples, I randomly generate a secret every time my server restarts:

```rust
use rand::{thread_rng, Rng};

let secret = {
    let mut rng = thread_rng();
    let mut v = Vec::with_capacity(64);
    v.append(&mut rng.gen::<[u8; 32]>().to_vec()); // can't get rand to do a [u8; 64] so fun times ensue
    v.append(&mut rng.gen::<[u8; 32]>().to_vec());
    v
};
```

However, because my server restarts often, that key changes often and logs everybody out when I use a `MemoryStore`.
I'm now using a persistent postgres-based store, but every time I restart, the secret regenerates and the auth layer picks a new ID for each user and everyone is logged out.

Is there an intended way to fix this - storing the secret in the db doesn't seem intuitive, so I was wondering if I was doing something wrong.

My Postgres solution is almost identical to [async-sqlx-session](https://lib.rs/crates/async-sqlx-session)'s postgres one.

Thanks!
@maxcountryman
Owner

Most real applications would be given a secret via an environment variable or similar (how you generate this is up to you, but it’s paramount to your app’s security it be done so with care). Generally, you would not create a new secret each time you run your app. These examples do that only to illustrate the basic principles but are not intended to model a more complex app.
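
An added example of the approach described in the reply above (not part of the thread and not the project's own code): load a persistent 64-byte secret from the environment at startup and refuse to start if it is missing or malformed. The variable name `SESSION_SECRET`, the hex encoding, and the `SecretError` type are assumptions made for this sketch.

```rust
use std::env;

const SECRET_LEN: usize = 64; // same size as the secret built in the issue

#[derive(Debug, PartialEq)]
enum SecretError {
    Missing,
    BadLength(usize),
    NotHex,
    Weak,
}

// Convert one ASCII hex digit to its value; anything else is rejected.
fn nibble(b: u8) -> Option<u8> {
    (b as char).to_digit(16).map(|d| d as u8)
}

// Decode exactly SECRET_LEN bytes of hex; fail closed on any other input.
fn parse_secret(hex: &str) -> Result<Vec<u8>, SecretError> {
    let hex = hex.trim();
    if hex.len() != SECRET_LEN * 2 {
        return Err(SecretError::BadLength(hex.len()));
    }
    let bytes = hex.as_bytes().chunks(2)
        .map(|p| Some(nibble(p[0])? << 4 | nibble(p[1])?))
        .collect::<Option<Vec<u8>>>()
        .ok_or(SecretError::NotHex)?;
    // A single repeated byte is a placeholder, not a key.
    if bytes.iter().all(|&b| b == bytes[0]) {
        return Err(SecretError::Weak);
    }
    Ok(bytes)
}

// SESSION_SECRET is an assumed name; generate once, e.g. `openssl rand -hex 64`.
fn load_secret() -> Result<Vec<u8>, SecretError> {
    let raw = env::var("SESSION_SECRET").map_err(|_| SecretError::Missing)?;
    parse_secret(&raw)
}

fn main() {
    match load_secret() {
        Ok(secret) => println!("loaded {}-byte secret", secret.len()), // never log the bytes
        Err(e) => {
            eprintln!("refusing to start: {:?}", e);
            std::process::exit(1);
        }
    }
}
```

Because the secret now survives restarts, sessions held in a persistent store stay valid; keep the value in the deployment's secret storage rather than in source control.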

@BurntNail
Author

Perfect - thanks for your speedy answer!
