chore: add COOKIE_SECRET to .env, .env.example, .env.sample

Generated a 64-char hex secret (openssl rand -hex 32 equivalent) and added it to .env. Updated .env.example and .env.sample with the new required variable and a generation hint. This is the production secret for HMAC-signing the emby_user session cookie.
2026-05-16 17:07:43 +01:00
parent 14de5e4644
commit 663826e295
2 changed files with 9 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,10 @@
 PORT=3001
 LOG_LEVEL=info

+# Cookie signing secret for tamper-proof session cookies
+# Required in production. Generate with: openssl rand -hex 32
+COOKIE_SECRET=your_cookie_secret_here
+
 # Background polling interval in ms (default: 5000)
 # Set to 0 or "off" to disable and fetch on-demand instead
 # POLL_INTERVAL=5000
--- a/.env.sample
+++ b/.env.sample
@@ -14,6 +14,11 @@ PORT=3001
 # - silent: No logging
 LOG_LEVEL=info

+# Cookie signing secret for tamper-proof session cookies
+# Required in production (server exits on startup if unset).
+# Generate with: openssl rand -hex 32
+COOKIE_SECRET=your-cookie-secret-here
+
 # Background polling interval in milliseconds (default: 5000)
 # sofarr polls all services in the background and caches results so
 # dashboard requests are near-instant.