Default Rails salts are safe with long enough secret_key_base

8 years ago · fed8fc8c8c
parent 821cef7bf0
commit fed8fc8c8c
1 changed files with 2 additions and 2 deletions
--- a/lib/asciinema/endpoint.ex
+++ b/lib/asciinema/endpoint.ex
@ -34,9 +34,9 @@ defmodule Asciinema.Endpoint do
    store: PlugRailsCookieSessionStore,
    key: "_asciinema_session",
    secure: System.get_env("SCHEME") == "https",
-    signing_salt: System.get_env("SESSION_SIGNING_SALT") || "signed encrypted cookie",
+    signing_salt: "signed encrypted cookie",
    encrypt: true,
-    encryption_salt: System.get_env("SESSION_ENCRYPTION_SALT") || "encrypted cookie",
+    encryption_salt: "encrypted cookie",
    key_iterations: 1000,
    key_length: 64,
    key_digest: :sha,