enable secret key rotation

David Lord 2024-11-08 08:09:01 -08:00
parent 7522c4bcdb
commit e13373f838
No known key found for this signature in database
GPG key ID: 43368A7AA8CC5926
9 changed files with 55 additions and 7 deletions

@ -125,6 +125,22 @@ The following configuration values are used internally by Flask:
Default: ``None``
.. py:data:: SECRET_KEY_FALLBACKS
A list of old secret keys that can still be used for unsigning, most recent
first. This allows a project to implement key rotation without invalidating
active sessions or other recently-signed secrets.
Keys should be removed after an appropriate period of time, as checking each
additional key adds some overhead.
Flask's built-in secure cookie session supports this. Extensions that use
:data:`SECRET_KEY` may not support this yet.
Default: ``None``
.. versionadded:: 3.1
.. py:data:: SESSION_COOKIE_NAME
The name of the session cookie. Can be changed in case you already have a
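
Review bot: In the new ``SECRET_KEY_FALLBACKS`` entry, the only reason given for removing old keys is that "checking each additional key adds some overhead", which understates the security reason for rotation. Because the text says every listed key "can still be used for unsigning", a key that was rotated out after a suspected leak keeps validating sessions for as long as it stays in the list. I suggest stating that explicitly, and saying that a key known to be compromised should be dropped rather than moved into the fallbacks. The entry could also say that new signatures are made only with :data:`SECRET_KEY`, if that is the behaviour, since "used for unsigning" leaves it implied.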