update docs about fallback order

This commit is contained in:
David Lord 2025-03-29 16:18:43 -07:00
parent fb54159861
commit cbb6c36692
No known key found for this signature in database
GPG key ID: 43368A7AA8CC5926


@ -127,13 +127,16 @@ The following configuration values are used internally by Flask:
.. py:data:: SECRET_KEY_FALLBACKS .. py:data:: SECRET_KEY_FALLBACKS
A list of old secret keys that can still be used for unsigning, most recent A list of old secret keys that can still be used for unsigning. This allows
first. This allows a project to implement key rotation without invalidating a project to implement key rotation without invalidating active sessions or
active sessions or other recently-signed secrets. other recently-signed secrets.
Keys should be removed after an appropriate period of time, as checking each Keys should be removed after an appropriate period of time, as checking each
additional key adds some overhead. additional key adds some overhead.
Order should not matter, but the default implementation will test the last
key in the list first, so it might make sense to order oldest to newest.
Flask's built-in secure cookie session supports this. Extensions that use Flask's built-in secure cookie session supports this. Extensions that use
:data:`SECRET_KEY` may not support this yet. :data:`SECRET_KEY` may not support this yet.
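Review bot: the new paragraph "Order should not matter, but the default implementation will test the last key in the list first, so it might make sense to order oldest to newest" reverses the ordering advice the removed text gave ("most recent first") while hedging with "might", which leaves a reader unsure what to do. State the actual behaviour and its consequence plainly, for example: "Order does not affect whether a signature is accepted, only how many keys are tried before a match; the default implementation tries the last key in the list first, so list keys oldest to newest." It is also worth making explicit here that fallback keys are consulted only for unsigning (as the first sentence of the hunk says) and that new signatures continue to use :data:`SECRET_KEY`, so a key left in the list keeps accepting values signed with it; that is the reason the sentence "Keys should be removed after an appropriate period of time" matters beyond the overhead it mentions.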