This is in reference to the secret token file.
Michael Hartll rightfully informs us to change the contents of this file to what he provided in the listing on that web page if we are uploading our code to a public repo. However, upon fetching and using code that has a dynamic security token file set like so, is it best practice to replace that file with a static security token once again (as long as our code isn't going back up to a public repo?
I ask because apparently the security token is set for encrypting session/cookie data. And it wouldn't be horrible if you kept it dynamic, but if you restart your server, then anyone who had a cookie or session running on the site won't be able to use it anymore. So it's in our best interest to set the security token to a static one correct?
I just wanted to double check.
What do you do?