Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Login working in localhost but error "secret option required for sessions" when deployed in Heroku

Tags:

node.js

reactjs

express

heroku

My authentification works properly on localhost but gives me error 500 when deployed on Heroku.

Error: 

{"type":"error","error":{"message":"secret option required for sessions"}}

I have my secret session on a .env file that is ignored by .gitignore when pushing (maybe I should change that?)

Heroku Logs:

2019-10-23T17:22:22.682593+00:00 heroku[router]: at=info method=GET path="/manifest.json" host=apppack-demo.herokuapp.com request_id=bb235945-cb82-4168-91ce-fd19d2109801 fwd="85.240.87.39" dyno=web.1 connect=0ms service=2ms status=304 bytes=237 protocol=https
2019-10-23T17:22:22.793594+00:00 heroku[router]: at=info method=GET path="/logo192.png" host=apppack-demo.herokuapp.com request_id=8a1d2243-45c9-4919-b2ad-3ee8f9148d9c fwd="85.240.87.39" dyno=web.1 connect=0ms service=2ms status=304 bytes=238 protocol=https
2019-10-23T17:22:35.594349+00:00 heroku[router]: at=info method=POST path="/api/signup" host=apppack-demo.herokuapp.com request_id=43907374-4de3-4658-92ce-9188f03e1624 fwd="85.240.87.39" dyno=web.1 connect=0ms service=3ms status=500 bytes=300 protocol=https
2019-10-23T17:22:35.592607+00:00 app[web.1]: POST /api/signup 500 1.206 ms - 74
like image 690
Marcos Gómez Avatar asked Oct 21 '25 03:10

Marcos Gómez

1 Answers

I recently had this issue with my app. I was getting the 'Error: secret option required for sessions' ONLY when deployed to Heroku.

Here is what my code looked like originally:

app.use(session({
  secret: process.env.SESSION_SECRET, 
  resave: false, 
  saveUninitialized: false
}))

When I deployed to Heroku it kept giving me an "Internal server error". Once checking the logs, it showed me 'Error: secret option required for sessions'.

Here is how I fixed it:

app.use(session({
  secret: 'secretidhere', 
  resave: false, 
  saveUninitialized: false
}))

Since my .env file wasn't viewable and that's where I had my secret code, it was giving me that error. Now, just by putting an arbitrary string 'secretidhere', I deployed to heroku again and it worked!

** However, please note that this should not be a permanent solution. As the poster above states, you should have a config file in your root directory, or another method so this session stays secret.

Hope this helps!

like image 85
rachelvb Avatar answered Oct 23 '25 19:10

rachelvb

Sign in to Comment

Related questions

NodeJS: Reached heap limit Allocation failed - JavaScript heap out of memory
Node.js cannot import from a file in the same directory
How to make the bot send personalized emojis?
How do I use console.table but to stderr?
Error installing nodejs version 12 on alpine linux
How do I test Stripe Express manual payouts in the test mode?
How can I list the all Discord servers ID where my bot are in the console? | discord.js
MongoDB: Update property of subarray just updates the first element
Store JSON data in MySQL table
I get ENOTFOUND Node.JS with IP Address
Fatal javascript OOM in GC during deserialization
node | MySQL multiple WHERE with AND clause
How can I split a string containing n concatenated json string in javascript/nodejs?
How to identify users in socket.io?
Google oAuth with passportjs + Vue
Cannot save ISO String as a filename due to colons
npm error when trying to run "npx create-expo-app expoApp"
ERR_REQUIRE_ESM for import with @xenova/transformers

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!