JWT_SECRET & COOKIE_SECRET bad defaults #171
Description
Is there a reason why JWT_SECRET and COOKIE_SECRET are not automatically randomly generated? Do they need to be the same each time the server restarts? What cryptographic requirements are they supposed to have? I haven't seen any information documenting these things.
It could be set to to some random string generated with crypto but that value would change every time the server restarted.