From 70d3105a8ea7b2e88d26b457e28d6219192a52ff Mon Sep 17 00:00:00 2001
From: Julian Lam <julian.lam@gmail.com>
Date: Wed, 1 May 2013 16:27:57 -0400
Subject: [PATCH] configuring express session to use a secret defined in the
 config file, not a hard coded one

---
 config.default.js | 1 +
 src/webserver.js  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config.default.js b/config.default.js
index d66f4cd60a..ed2c5eacc2 100644
--- a/config.default.js
+++ b/config.default.js
@@ -1,4 +1,5 @@
 var config = {
+	"secret": 'nodebb-secret',
 	"base_url": "http://localhost",
 	"port": 4567,
 	"mailer": {
diff --git a/src/webserver.js b/src/webserver.js
index d1fd88eaed..e895b72200 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -29,7 +29,7 @@ var express = require('express'),
 			client: redisServer,
 			ttl: 60*60*24*14
 		}),
-		secret: 'nodebb',
+		secret: config.secret,
 		key: 'express.sid'
 	}));
 	app.use(function(req, res, next) {