If it is left blank, Craft will leave it up to the browser to decide – which will be whatever the current request’s domain name is., Craft will check the default session location to see if it contains “://”, indicating that it might be stored with Memcache or the like.
The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. Elevated Sessions functionality can be disabled entirely by setting this to The path that users should be redirected to after logging in from the Control Panel.
This setting will also come into effect if the user visits the CP’s Login page when they are already logged in, or the CP’s root URL (e.g. The URL or path that users should be redirected to after logging in from the front-end site.
This setting will also come into effect if the user visits the site’s Login page (as specified by login Path) when they are already logged in.
In a load-balanced environment, make sure you use the same key on all servers in the cluster. “I’ll just copy the key they used in their example and use it as my own.” Don’t do that.
Use something like https://com/to generate a cryptographically secure key just for yourself!