What should I use for express.cookieParser() secret?

The docs say it should be secret, but my code is published on github.

Would app.use(express.cookieParser(crypto.randomBytes(64).toString())) work, or should the secret be the same when the server restarts? Should I store the secret on disk? How secret does it need to be?

nornagon asked Jul 04 '13 09:07

1 Answer

To keep your secret secret, you can set it in an environment variable (called 'COOKIE_SECRET' for example) and then you can do:

var cookieSecret = process.env.COOKIE_SECRET;

app.use(express.cookieParser( cookieSecret ));

(Or if you would like a more sophisticated config setup, you might like to take a look at nconf. It unifies configuration across environment variables, command-line arguments and flat files).

poshaughnessy answered Sep 27 '22 20:09