
Default session secret to random value#294

Open
melvmath wants to merge 1 commit into rapid7:master from melvmath:Default-session-secret-to-random-value

Conversation


@melvmath melvmath commented Feb 20, 2026

Awsaml v4.0.0 crashes with Error: secret option required for sessions when launched from Finder/Dock/Spotlight
This is a regression introduced in v4.0.0 — in v3.1.2 the session secret was hardcoded as a static UUID in server.js:

  const sessionSecret = '491F9BAD-DFFF-46E2-A0F9-56397B538060';

In v4.0.0 this was changed to read from an environment variable:

  const sessionSecret = process.env.SESSION_SECRET;

Apps launched from Finder/Dock/Spotlight on macOS do not inherit shell environment variables, so SESSION_SECRET is always undefined in a GUI launch.

This fix restores the behaviour of v3.1.2 (always having a secret) while keeping the v4.0.0 improvement of not hardcoding it.

Changes
src/main/api/server-config.js — added a fallback so that if no SESSION_SECRET is provided, a cryptographically secure random secret is generated at startup in server-config.js.

  secret: secret || require('node:crypto').randomBytes(32).toString('hex'),

Use Node's built-in crypto to generate a 32-byte hex secret when no session secret is provided. This ensures express-session always gets a non-empty secret (avoiding errors or insecure defaults) while preserving any explicitly supplied secret.

snyk-io bot commented Feb 20, 2026

Snyk checks have passed. No issues have been found so far.

  Status  Scanner               Critical  High  Medium  Low  Total (0)
          Open Source Security  0         0     0       0    0 issues
          Licenses              0         0     0       0    0 issues
