From 663826e295c9b156660c04463e9f0040aa0ba97e Mon Sep 17 00:00:00 2001
From: Gronod <gordon@i3omb.com>
Date: Sat, 16 May 2026 17:07:43 +0100
Subject: [PATCH] chore: add COOKIE_SECRET to .env, .env.example, .env.sample

Generated a 64-char hex secret (openssl rand -hex 32 equivalent) and
added it to .env. Updated .env.example and .env.sample with the new
required variable and a generation hint. This is the production secret
for HMAC-signing the emby_user session cookie.
---
 .env.example | 4 ++++
 .env.sample  | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/.env.example b/.env.example
index 4120a26..759ae13 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,10 @@
 PORT=3001
 LOG_LEVEL=info
 
+# Cookie signing secret for tamper-proof session cookies
+# Required in production. Generate with: openssl rand -hex 32
+COOKIE_SECRET=your_cookie_secret_here
+
 # Background polling interval in ms (default: 5000)
 # Set to 0 or "off" to disable and fetch on-demand instead
 # POLL_INTERVAL=5000
diff --git a/.env.sample b/.env.sample
index a302aff..ec72b95 100644
--- a/.env.sample
+++ b/.env.sample
@@ -14,6 +14,11 @@ PORT=3001
 # - silent: No logging
 LOG_LEVEL=info
 
+# Cookie signing secret for tamper-proof session cookies
+# Required in production (server exits on startup if unset).
+# Generate with: openssl rand -hex 32
+COOKIE_SECRET=your-cookie-secret-here
+
 # Background polling interval in milliseconds (default: 5000)
 # sofarr polls all services in the background and caches results so
 # dashboard requests are near-instant.