@ pls enter nickname 这个有考虑到，所以初始值为16位随机数字和字母的组合，一般来说，防爆破这个复杂度是够的，而且session本身就有过期时间，所以要在短时间内破解难度很大。如果要加强，可以在WAF管理页面手动修改添加特殊符号进密钥，也可以定期修改密钥。如果嫌麻烦可以开启本地配置，本地配置会在每次reload的时候都生成新的密钥，缺点是会导致旧的cookie失效。不过这也是个问题，感谢提醒，下个版本会修改为带特殊符号的密钥。
This was initially taken into account, so the initial value of 16-digit random numbers and letters of the combination, in general, explosion-proof of the complexity is enough, and the session itself has expired time, so in a short time to crack very difficult. If you want to strengthen, you can manually modify the add a special symbol to enter the key in the WAF administration page, or you can modify the key periodically. If you can turn on the local configuration, the local configuration will generate a new key each time reload, the disadvantage of which is that the old cookie will fail. This is also a problem, thanks to the reminder that the next version will be modified to a key with a special symbol.