To keep your session information secure, you need a strong, cryptographically secure secret key. That secret key cannot be hard-coded in your source code, for two reasons. First, your QRadar app will be installed many different times, and each installation needs a different secret key. Second, it's best practice to keep credentials out of source code.
Python's os module has a handy function, os.urandom, that draws on the randomness generator of the operating system you're running on.
We first must import the os module.

    import os

Then we'll update our application configuration. See the embedded comments for more explanation.

    app.config.update(
        # Set the secret key to a sufficiently random value
        SECRET_KEY=os.urandom(24),
        # Set the session cookie to be secure (only sent over HTTPS)
        SESSION_COOKIE_SECURE=True,
        # Set the session cookie for our app to a unique name
        SESSION_COOKIE_NAME='YourAppName-WebSession',
        # Set CSRF tokens to be valid for the duration of the session.
        # This assumes you're using WTF-CSRF protection
        WTF_CSRF_TIME_LIMIT=None
    )
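With this setup you avoid the problem of storing your secret key securely: it is regenerated each time your application is initialized. The trade-off is that session cookies signed with the previous key no longer validate after a restart, so users have to establish a new session.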
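The following added example (not code from the original page, and not Flask's own implementation) shows what the secret key protects: a cookie altered on the client is rejected, and so is any cookie signed before the key was regenerated. It uses a simplified HMAC-SHA256 stand-in for Flask's cookie signing; the function names and the sample session data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import os


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def sign_session(data: dict, secret_key: bytes) -> str:
    """Serialize session data and append an HMAC-SHA256 tag: payload.tag"""
    payload = _b64(json.dumps(data, sort_keys=True).encode())
    tag = hmac.new(secret_key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(tag)


def load_session(cookie: str, secret_key: bytes):
    """Return the session dict, or None when the tag does not verify."""
    try:
        payload, tag = cookie.split(".")
        expected = hmac.new(secret_key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(base64.urlsafe_b64decode(tag), expected):
            return None
        return json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # malformed cookie, bad base64 or bad JSON
        return None


def demo() -> dict:
    key_now = os.urandom(24)            # same call the page uses for SECRET_KEY
    key_after_restart = os.urandom(24)  # what a re-initialized app would hold
    session = {"user": "analyst", "role": "viewer"}  # constructed sample data
    cookie = sign_session(session, key_now)
    # Client-side edit of the payload while keeping the old tag
    edited = _b64(json.dumps({**session, "role": "admin"}, sort_keys=True).encode())
    altered = edited + "." + cookie.split(".")[1]
    return {
        "valid": load_session(cookie, key_now),
        "altered": load_session(altered, key_now),
        "after_restart": load_session(cookie, key_after_restart),
    }


if __name__ == "__main__":
    print(demo())
```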
For more information on what each config value does, you can check out the Flask docs and the Flask-WTF docs.
Questions? Head over to the QRadar AppDev forum.