Skip to content

Commit 764b443

Browse files
author
Taylor Hughes
committed
Make it obvious to anyone reading copy-pasted example code that the cookie secret is not suitable for production use.
1 parent 3474d5f commit 764b443

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

website/sphinx/overview.rst

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -392,7 +392,7 @@ application settings as keyword arguments to your application:
392392

393393
application = tornado.web.Application([
394394
(r"/", MainHandler),
395-
], cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=")
395+
], cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__")
396396

397397
Signed cookies contain the encoded value of the cookie in addition to a
398398
timestamp and an `HMAC <http://en.wikipedia.org/wiki/HMAC>`_ signature.
@@ -451,7 +451,7 @@ specifying a nickname, which is then saved in a cookie:
451451
application = tornado.web.Application([
452452
(r"/", MainHandler),
453453
(r"/login", LoginHandler),
454-
], cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=")
454+
], cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__")
455455

456456
You can require that the user be logged in using the `Python
457457
decorator <http://www.python.org/dev/peps/pep-0318/>`_
@@ -469,7 +469,7 @@ rewritten:
469469
self.write("Hello, " + name)
470470

471471
settings = {
472-
"cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
472+
"cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
473473
"login_url": "/login",
474474
}
475475
application = tornado.web.Application([
@@ -510,7 +510,7 @@ include the application setting ``xsrf_cookies``:
510510
::
511511

512512
settings = {
513-
"cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
513+
"cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
514514
"login_url": "/login",
515515
"xsrf_cookies": True,
516516
}
@@ -577,7 +577,7 @@ You can serve static files from Tornado by specifying the
577577

578578
settings = {
579579
"static_path": os.path.join(os.path.dirname(__file__), "static"),
580-
"cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
580+
"cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
581581
"login_url": "/login",
582582
"xsrf_cookies": True,
583583
}

0 commit comments

Comments
 (0)