From 0eb0024e87ed5edd62deaaab120938834332f492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20LAJOIE?= Date: Fri, 4 Sep 2020 16:20:41 +0200 Subject: [PATCH] Doc: cookie-secret is a mandatory field for cookie session --- docs/configuration/sessions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/sessions.md b/docs/configuration/sessions.md index 0cf9fa6f..5d884a32 100644 --- a/docs/configuration/sessions.md +++ b/docs/configuration/sessions.md @@ -29,7 +29,7 @@ side cookies and transferred with each and every request. The following should be known when using this implementation: - Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless - Cookies are signed server side to prevent modification client-side -- It is recommended to set a `cookie-secret` which will ensure data is encrypted within the cookie data. +- It is mandatory to set a `cookie-secret` which will ensure data is encrypted within the cookie data. - Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate
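Review bot: The changed bullet in docs/configuration/sessions.md now calls `cookie-secret` mandatory but still justifies it only with "which will ensure data is encrypted within the cookie data", which reads as a benefit rather than a requirement, and it does not say what a valid value looks like or what happens when the option is missing. Suggest rewording along the lines of "A `cookie-secret` must be set; it is used to encrypt the data within the cookie" and pointing to where the option's expected format is documented. The bullet just above states that cookies are signed server side; if that signature depends on the same secret, saying so here would make the reason for the requirement explicit.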