One of the first things you do when creating a new Symfony 2 project is setting your "secret". This secret string is 40 random characters that is used for CSRF protection.

It would be nice if Symfony just generated one for you. I can't imagine how many projects use the secret key ThisTokenIsNotSoSecretChangeIt.

On load this page generates a string consisting of 40 random hex characters. Feel free to load it whenever you need a new secret key.

From the Symfony docs:


type: string required

This is a string that should be unique to your application. In practice, it's used for generating the CSRF tokens, but it could be used in any other context where having a unique string is useful. It becomes the service container parameter named kernel.secret.