use COOKIES_SECRET_KEY

inventory-app/const.py

@@ -17,3 +17,4 @@ BUCKET_NAME = os.environ["BUCKET_NAME"]
 INVENTORY_ASSETS_BASE_URL = os.environ["INVENTORY_ASSETS_BASE_URL"]
 MONGO_URI = os.environ["MONGO_URI"]
 MACADDRESS_OUTLINK_BASEURL = os.environ["MACADDRESS_OUTLINK_BASEURL"]
+COOKIES_SECRET_KEY = os.environ["COOKIES_SECRET_KEY"] # session storage, random chars

inventory-app/main.py

@@ -7,26 +7,22 @@ from functools import wraps
 from http.server import BaseHTTPRequestHandler, HTTPServer
 
 import bleach
+import const
 import jinja2
 import markdown
 import segno
+from common import User, devenv, format_name, get_users
+from doorboy import page_doorboy
 from flask import Flask, abort, g, redirect, request
+from inventory import page_inventory
 from jinja2 import Environment, FileSystemLoader
 from markupsafe import Markup
-from prometheus_client import Gauge, CollectorRegistry, generate_latest
+from oidc import login_required, page_oidc
+from prometheus_client import CollectorRegistry, Gauge, generate_latest
 from prometheus_flask_exporter import PrometheusMetrics
 from pymongo import MongoClient
-from wtforms import (
-    SelectMultipleField,
-    ValidationError,
-    widgets,
-)
+from wtforms import SelectMultipleField, ValidationError, widgets
 
-import const
-from common import devenv, format_name, get_users, User
-from inventory import page_inventory
-from oidc import page_oidc, login_required
-from doorboy import page_doorboy
 
 def check_foreign_key_format(item):
     owner = item.get("inventory", {}).get("owner", {})
@@ -120,6 +116,7 @@ class ReverseProxied(object):
         return self.app(environ, start_response)
 
 app = Flask(__name__)
+app.secret_key = const.COOKIES_SECRET_KEY
 app.wsgi_app = ReverseProxied(app.wsgi_app)
 app.register_blueprint(page_inventory)
 app.register_blueprint(page_oidc)