cookie
Configure the behavior of HTTP cookies
Cookie key
Values of HTTP cookies set by the Kirby backend are signed (or authenticated) to prevent easy tampering. Generating these signatures (so-called HMACs) requires a key that should be stable and consistent on the server, but still independent from other sites or setups and ideally private and hard to guess. The key is set to a fixed string by default, so you should define your own key that will be used instead:
return [
'cookie' => [
'key' => '...'
]
];
The cookie key should be a long string of random characters.
You can read more about the security impact of this option in the security guide.