From 7029a2efc7c689d58e885eb12374b23c578763f9 Mon Sep 17 00:00:00 2001
From: Matt Silverlock <matt@eatsleeprepeat.net>
Date: Sat, 8 Aug 2015 19:16:04 +0800
Subject: Improved warning around GenerateRandomKey.

---
 securecookie.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/securecookie.go b/securecookie.go
index 7dd373d..b1cb144 100644
--- a/securecookie.go
+++ b/securecookie.go
@@ -474,6 +474,9 @@ func decode(value []byte) ([]byte, error) {
 
 // GenerateRandomKey creates a random key with the given length in bytes.
 // On failure, returns nil.
+//
+// Callers should explicitly check for the possibility of a nil return, treat
+// it as a failure of the system random number generator, and not continue.
 func GenerateRandomKey(length int) []byte {
 	k := make([]byte, length)
 	if _, err := io.ReadFull(rand.Reader, k); err != nil {
-- 
cgit v1.2.3


From 6d727f0c85dca64d111f5654c33c08f8162220dd Mon Sep 17 00:00:00 2001
From: Matt Silverlock <matt@eatsleeprepeat.net>
Date: Sat, 8 Aug 2015 19:19:02 +0800
Subject: Added note re: using GenerateRandomKey() not persisting keys.

---
 securecookie.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/securecookie.go b/securecookie.go
index b1cb144..a776889 100644
--- a/securecookie.go
+++ b/securecookie.go
@@ -126,6 +126,10 @@ type Codec interface {
 // of the encryption algorithm. For AES, used by default, valid lengths are
 // 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
 // The default encoder used for cookie serialization is encoding/gob.
+//
+// Note that keys created using GenerateRandomKey() are not automatically
+// persisted. New keys will be created when the application is restarted, and
+// previously issued cookies will not be able to be decoded.
 func New(hashKey, blockKey []byte) *SecureCookie {
 	s := &SecureCookie{
 		hashKey:   hashKey,
-- 
cgit v1.2.3