Move sessionKey setting from settings.json to SESSIONKEY.txt

2 files changed, 8 insertions, 10 deletions

diff --git a/settings.json.template b/settings.json.template
index ea7ed1e1..039413d1 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -15,10 +15,6 @@
   "ip": "0.0.0.0",
   "port" : 9001,
 
-  // Session Key, used for reconnecting user sessions
-  // Set this to a secure string at least 10 characters long.  Do not share this value.
-  "sessionKey" : "",
-
   /*  
   // Node native SSL support
   // this is disabled by default
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index 7e0e6c5a..bd15a2df 100644
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@@ -286,13 +286,15 @@ exports.reloadSettings = function reloadSettings() {
     }
   }
 
-  if(!exports.sessionKey){ // If the secretKey isn't set we also create yet another unique value here
-    exports.sessionKey = randomString(32);
-    var sessionWarning = "You need to set a sessionKey value in settings.json, this will allow your users to reconnect to your Etherpad Instance if your instance restarts";
-    if(!exports.suppressErrorsInPadText){
-      exports.defaultPadText = exports.defaultPadText + "\nWarning: " + sessionWarning + suppressDisableMsg;
+  if (!exports.sessionKey) {
+    try {
+      exports.sessionKey = fs.readFileSync("./SESSIONKEY.txt","utf8");
+    } catch(e) {
+      exports.sessionKey = randomString(32);
+      fs.writeFileSync("./SESSIONKEY.txt",exports.sessionKey,"utf8");
     }
-    console.warn(sessionWarning);
+  } else {
+    console.warn("Declaring the sessionKey in the settings.json is deprecated. This value is auto-generated now. Please remove the setting from the file.");
   }
 
   if(exports.dbType === "dirty"){