Before making your application publicly available, you should choose a unique secret key to use to sign the session cookie. Keep this key a secret so that your users won't be able to forge a fake session.
The application secret key is defined by the
application.secret configuration property. By default, the template sets it to
changeme. Note that if you try to run your application in the production mode while your secret key still has the changeme value, Play throws an exception.
We already saw how you can run your application in production mode using the
start sbt command. This command compiles your code, eventually executes the assets pipeline if you use it, and starts the Play ...