From 6fe45afe69aab66f4f8f8bf90a63cd1d687045ad Mon Sep 17 00:00:00 2001 From: iamjpotts <8704475+iamjpotts@users.noreply.github.com> Date: Tue, 15 Nov 2022 02:02:36 -0600 Subject: [PATCH] Fix bug in cookie-auth example where secret is too short (#583) --- auth/cookie-auth/src/main.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/auth/cookie-auth/src/main.rs b/auth/cookie-auth/src/main.rs index a432a9e7..facfbf72 100644 --- a/auth/cookie-auth/src/main.rs +++ b/auth/cookie-auth/src/main.rs @@ -33,16 +33,16 @@ async fn main() -> std::io::Result<()> { std::env::set_var("RUST_LOG", "actix_web=info"); env_logger::init(); - // Generate a random 32 byte key. Note that it is important to use a unique - // private key for every project. Anyone with access to the key can generate + // Generate a random secret key. Note that it is important to use a unique + // secret key for every project. Anyone with access to the key can generate // authentication cookies for any user! - let private_key = rand::thread_rng().gen::<[u8; 32]>(); + let secret_key = Key::generate(); HttpServer::new(move || { App::new() .wrap(IdentityMiddleware::default()) .wrap( - SessionMiddleware::builder(CookieSessionStore::default(), Key::from(&private_key)) + SessionMiddleware::builder(CookieSessionStore::default(), secret_key) .cookie_name("auth-example".to_owned()) .cookie_secure(false) .build(),