From 0aea4da16041777b63820e1a2df1982723e64281 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Thu, 18 Aug 2011 12:09:25 +0300
Subject: [PATCH] move cookie secret into var_path.  issue #172

---
 browserid/app.js | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/browserid/app.js b/browserid/app.js
index 4a3ecdaf9..c4dbf41d7 100644
--- a/browserid/app.js
+++ b/browserid/app.js
@@ -35,13 +35,7 @@
 
 const
 fs = require('fs'),
-path = require('path');
-
-// create the var directory if it doesn't exist
-var VAR_DIR = path.join(__dirname, "var");
-try { fs.mkdirSync(VAR_DIR, 0755); } catch(e) { };
-
-const
+path = require('path'),
 url = require('url'),
 crypto = require('crypto'),
 wsapi = require('./lib/wsapi.js'),
@@ -62,9 +56,7 @@ logger.info("browserid server starting up");
 // open the databse
 db.open(configuration.get('database'));
 
-// looks unused, see run.js
-// const STATIC_DIR = path.join(path.dirname(__dirname), "static");
-const COOKIE_SECRET = secrets.hydrateSecret('cookie_secret', VAR_DIR);
+const COOKIE_SECRET = secrets.hydrateSecret('browserid_cookie', configuration.get('var_path'));
 const COOKIE_KEY = 'browserid_state';
 
 function internal_redirector(new_url) {
@@ -155,8 +147,6 @@ function router(app) {
   });
 };
 
-exports.varDir = VAR_DIR;
-
 exports.setup = function(server) {
   // request to logger, dev formatted which omits personal data in the requests
   server.use(express.logger({
@@ -175,7 +165,6 @@ exports.setup = function(server) {
 
   var cookieSessionMiddleware = sessions({
     secret: COOKIE_SECRET,
-    //    session_key: COOKIE_KEY,
     key: COOKIE_KEY,
     cookie: {
         path: '/',
-- 
GitLab