Switch to signed cookie auth and stop leaking player IDs
This commit is contained in:
1
IIS.md
1
IIS.md
@@ -14,6 +14,7 @@
|
||||
- `ADMIN_PASSWORD=<your-secret>`
|
||||
- `BasePath=/vote` (only if the site is under a subfolder; omit for root)
|
||||
- Optional: enable stdout logging in `web.config` during troubleshooting only; disable afterward.
|
||||
- Data protection keys are persisted to `App_Data/keys`; ensure this folder is deployed and writable so auth cookies stay valid across app pool recycles.
|
||||
|
||||
## Permissions
|
||||
- Grant modify rights to the app pool identity on `App_Data` (DB file + wal).
|
||||
|
||||
Reference in New Issue
Block a user