Secret key generation on the device instead of storing it in git

.gitignore

@@ -0,0 +1,2 @@
+secret.key
+

contextualise.py

@@ -10,6 +10,8 @@ from PIL import Image, ImageDraw, ImageFont
 import numpy as np
 from itertools import zip_longest
 import collections
+import random
+import string
 
 
 app = Flask(__name__, static_url_path='', static_folder="static", template_folder="templates")
@@ -41,8 +43,19 @@ pathofwords = []
 pathofnumbers = []
 
 #VARS FOR THE SESSIONS
-app.secret_key = 'your secret'
+# We don't want to store the secret key in git, but also don't really care what it is
-app.config['SESSION_TYPE'] = 'filesystem'
+# so generate it and store it to a file that's not in git:
+current_dir = os.path.dirname(os.path.realpath(__file__))
+secret_key_file = os.path.join(current_dir, 'secret.key')
+if os.path.exists(secret_key_file):
+    with open(secret_key_file, 'r') as fp:
+        secret_key = fp.read()
+else:
+    secret_key = ''.join(random.choice(string.ascii_lowercase) for i in range(100))
+    with open(secret_key_file, 'w') as fp:
+        fp.write(secret_key)
+app.secret_key = secret_key
+#app.config['SESSION_TYPE'] = 'filesystem' # works only for flask-session (we use native flask cookie-sessions)
 
 def clearSession():
     # Flask sessions are serialised into a cookie, so we cannot use the deque here

templates/layout.html

@@ -13,7 +13,7 @@
 <div id="top">
 <!-- WORDPATH -->
 <div id="thewordpath">
-  {% if functionsession %}[<a href='/clear'>x</a>]{% endif %}
+  {% if functionsession %}[<a href='/clear' title='Clear current score'>x</a>]{% endif %}
   {% for item in functionsession %}
     <span class="word">{{ item }} ▶ </span>
   {% endfor %}