So I'm using express-session https://github.com/expressjs/session and I was wondering if the secret needed to be unique for every user. I can't seem to find anything that says it does as the usage just lists:
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))
I'm currently just creating the secret using bcrypt, but I'm not sure if this will impact sessions when I update my server file.
var bcrypt = require('bcrypt');
var session = require('express-session');

// Two random salts, hashed together, used as the session secret.
// A new secret is produced every time this file is loaded.
var salt1 = bcrypt.genSaltSync();
var salt2 = bcrypt.genSaltSync();
var secret = bcrypt.hashSync(salt1 + salt2, 10);

app.use(session({
  secret: secret // set this to a long random string!
}));
Should the secret be generated inside its own function, i.e. function generateSession()?
The secret is the same for all users. The "secret" you supply simply acts as the salt for the session's hash function. The method you're using is as good as any as it will generate a new salt each time the application is restarted.