From 6fa1f1b8b8d39007a7d83b986d978588e4655302 Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Mon, 6 May 2024 14:07:56 +0200
Subject: [PATCH] set cookie secret unconditionally

no reason to leave it undefined, even if we don't use it
---
 binderhub/app.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/binderhub/app.py b/binderhub/app.py
index 4c9e8f4c2..5eb97aa9c 100644
--- a/binderhub/app.py
+++ b/binderhub/app.py
@@ -962,8 +962,7 @@ def initialize(self, *args, **kwargs):
                 "enable_api_only_mode": self.enable_api_only_mode,
             }
         )
-        if self.auth_enabled:
-            self.tornado_settings["cookie_secret"] = os.urandom(32)
+        self.tornado_settings["cookie_secret"] = os.urandom(32)
         if self.cors_allow_origin:
             self.tornado_settings.setdefault("headers", {})[
                 "Access-Control-Allow-Origin"