Hi all
I found in apisix-dashboard/api/internal/route.go, the cookie secret directly setting in the codebase, I think it may need to use api/conf/conf.yaml or env file to set it.
https://github.com/apache/apisix-dashboard/blob/master/api/internal/route.go#L58

cc @nic-chen @starsz to confirm.
oh, we don't use sessions, we could remove it.
ok, then it's not a high vulnerability issue? we could mark it as good first?
ok, then it's not a high vulnerability issue? we could mark it as
good first?
It's not. This code is not used.
Good capture. @stu01509
I will fix it in tonight, please assign the issue to me.