Hi all,
I’m using Dancer::Session::Cookie and facing a bit of a conundrum with the
session_cookie_key setup in the config file.
As we all know it’s not recommended to include live secrets in a git
repository, so I’m attempting to create the session_cookie_key dynamically upon
Dancer startup (documented here:
https://metacpan.org/pod/Dancer::Config#SETTINGS),
as follows:
    use Dancer;
    set session_cookie_key => crypto_nonce(20);
    ...
    dance;
where crypto_nonce() is a cryptographically strong nonce generator (this
approach happens to work for this particular app, because it’s an
admin/dashboard panel with a small number of infrequent users, and it runs
on a single machine).
I try to run the app, and get the following error:
    The setting session_cookie_key must be defined at /home/hermann/perl5/perlbrew/perls/perl-5.26.2/lib/site_perl/5.26.2/Dancer/Session/Cookie.pm line 38
So I add the following to environments/production.yml:
    session_cookie_key : "1"
Try to run the app again, and not unexpectedly, I end up with
session_cookie_key = 1.
I can work around the problem by adding a hook:
    hook 'before' => sub {
        if ( length(config->{'session_cookie_key'}) < 5 ) {
            set session_cookie_key => crypto_nonce(20);
        }
        ...
    };
I’m wondering if there’s a more elegant way to accomplish what I’m trying
to do?
Thanks in advance!
Hermann
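
One way to keep the key out of the repository without the placeholder and the hook, as an added example that is not part of the original post: the key is created once in an owner-only file and set before the session engine is selected. The file path, the SESSION_KEY_FILE variable and load_or_create_key() are hypothetical names, /dev/urandom stands in for crypto_nonce(), and the example assumes the "session" setting is removed from the YAML config and set in code instead, so that Dancer::Session::Cookie initialises only after the key exists.

```perl
use strict;
use warnings;
use Dancer;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Hypothetical location outside the git checkout; override with SESSION_KEY_FILE.
my $key_file = $ENV{SESSION_KEY_FILE} || "$ENV{HOME}/.myapp_session_key";

# Return the key stored in $path, creating it from /dev/urandom on first run.
sub load_or_create_key {
    my ($path) = @_;
    if (!-e $path) {
        open my $rnd, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
        read($rnd, my $bytes, 32) == 32 or die "short read from /dev/urandom";
        close $rnd;
        # O_EXCL: never overwrite an existing key; 0600: owner-only access.
        sysopen my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0600
            or die "cannot create $path: $!";
        print {$out} unpack('H*', $bytes), "\n";
        close $out or die "cannot write $path: $!";
    }
    # Refuse a key file that group or other users can access.
    my $mode = (stat $path)[2] & 07777;
    die sprintf("%s has mode %04o, expected 0600 or stricter\n", $path, $mode)
        if $mode & 077;
    open my $in, '<', $path or die "cannot read $path: $!";
    my $key = <$in>;
    close $in;
    $key = '' unless defined $key;
    chomp $key;
    die "$path holds a key shorter than 32 hex characters\n" if length($key) < 32;
    return $key;
}

# Key first, engine second (assumption: no "session:" line in the YAML config).
set session_cookie_key => load_or_create_key($key_file);
set session            => 'cookie';

dance;
```

Because the key is read back from the file on every start, existing session cookies stay valid across restarts, which a key regenerated at each startup does not give.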