From 887ed241d64ba5db3fd3d87194fb5595e5ad7d73 Mon Sep 17 00:00:00 2001
From: r <r@freesoftwareextremist.com>
Date: Tue, 25 Oct 2022 13:40:49 +0000
Subject: Use cookies for session storage

Remove the server side session storage and store all the session related data
in the client side cookies. This decreases the exposure of the auth tokens.
It also simplifies the installation process as bloat no longer requires write
access to the filesystem.

This is a breaking change, all the existing sessions will stop working.
---
 INSTALL | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

(limited to 'INSTALL')

diff --git a/INSTALL b/INSTALL
index 8f8c6d4..2d8047f 100644
--- a/INSTALL
+++ b/INSTALL
@@ -23,16 +23,8 @@ most cases, you only need to change the value of "client_website".
 # cp bloat.gen.conf /etc/bloat.conf
 # $EDITOR /etc/bloat.conf
 
-4. Create database directory
-Create a directory to store session information. Optionally, create a user
-to run bloat and change the ownership of the database directory accordingly.
-# mkdir /var/bloat
-# useradd _bloat
-# chown -R _bloat:_bloat /var/bloat
-Replace /var/bloat with the value you specified in the config file.
-
 5. Run the binary
-# su _bloat -c bloat
+$ bloat
 Now you should create an init script to automatically start bloat at system 
 startup.
 
-- 
cgit v1.2.3