From 6fe45afe69aab66f4f8f8bf90a63cd1d687045ad Mon Sep 17 00:00:00 2001
From: iamjpotts <8704475+iamjpotts@users.noreply.github.com>
Date: Tue, 15 Nov 2022 02:02:36 -0600
Subject: [PATCH] Fix bug in cookie-auth example where secret is too short
 (#583)

---
 auth/cookie-auth/src/main.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/auth/cookie-auth/src/main.rs b/auth/cookie-auth/src/main.rs
index a432a9e7..facfbf72 100644
--- a/auth/cookie-auth/src/main.rs
+++ b/auth/cookie-auth/src/main.rs
@@ -33,16 +33,16 @@ async fn main() -> std::io::Result<()> {
     std::env::set_var("RUST_LOG", "actix_web=info");
     env_logger::init();
 
-    // Generate a random 32 byte key. Note that it is important to use a unique
-    // private key for every project. Anyone with access to the key can generate
+    // Generate a random secret key. Note that it is important to use a unique
+    // secret key for every project. Anyone with access to the key can generate
     // authentication cookies for any user!
-    let private_key = rand::thread_rng().gen::<[u8; 32]>();
+    let secret_key = Key::generate();
 
     HttpServer::new(move || {
         App::new()
             .wrap(IdentityMiddleware::default())
             .wrap(
-                SessionMiddleware::builder(CookieSessionStore::default(), Key::from(&private_key))
+                SessionMiddleware::builder(CookieSessionStore::default(), secret_key)
                     .cookie_name("auth-example".to_owned())
                     .cookie_secure(false)
                     .build(),