@tomsteele can you find a recommended length

I can't find a standard, but brakeman, a widely used Rails source analysis tool will warn if the secret token is less than 30 characters long http://brakemanscanner.org/docs/warning_types/session_setting/. I say we set it to 32.

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.