Is there a reason why JWT_SECRET and COOKIE_SECRET are not automatically randomly generated? Do they need to be the same each time the server restarts? What cryptographic requirements are they supposed to have? I haven't seen any information documenting these things.
It could be set to to some random string generated with crypto but that value would change every time the server restarted.
Is there a reason why
JWT_SECRETandCOOKIE_SECRETare not automatically randomly generated? Do they need to be the same each time the server restarts? What cryptographic requirements are they supposed to have? I haven't seen any information documenting these things.It could be set to to some random string generated with
cryptobut that value would change every time the server restarted.