1
0
mirror of https://github.com/actix/examples synced 2024-12-03 18:22:14 +01:00

Fix bug in cookie-auth example where secret is too short (#583)

This commit is contained in:
iamjpotts 2022-11-15 02:02:36 -06:00 committed by GitHub
parent 1e1767135d
commit 6fe45afe69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -33,16 +33,16 @@ async fn main() -> std::io::Result<()> {
std::env::set_var("RUST_LOG", "actix_web=info");
env_logger::init();
// Generate a random 32 byte key. Note that it is important to use a unique
// private key for every project. Anyone with access to the key can generate
// Generate a random secret key. Note that it is important to use a unique
// secret key for every project. Anyone with access to the key can generate
// authentication cookies for any user!
let private_key = rand::thread_rng().gen::<[u8; 32]>();
let secret_key = Key::generate();
HttpServer::new(move || {
App::new()
.wrap(IdentityMiddleware::default())
.wrap(
SessionMiddleware::builder(CookieSessionStore::default(), Key::from(&private_key))
SessionMiddleware::builder(CookieSessionStore::default(), secret_key)
.cookie_name("auth-example".to_owned())
.cookie_secure(false)
.build(),