Express session secret - from client to server?


I am using express-session with Express 4. I am confused about how I pass the secret from the client to the server. I assume that I need to pass the secret for every request, otherwise I don't really understand what the secret is for.

var session = require('express-session');
var mongoose = require('mongoose');
var MongoStore = require('connect-mongo')(session);

module.exports = session({
    //secret: process.env.SESSION_SECRET,
    secret: 'foo',
    saveUninitialized: true, // (default is true)
    resave: true, // (default is true)
    //store: new MongoStore({'mongoDB': 'sessions'}),
    store: new MongoStore({mongooseConnection: mongoose.connection}),
    //key: 'user_session_key',
    // maxAge is a cookie option, not a top-level session option
    cookie: {secure: false, maxAge: null}
});

What am I supposed to do with the secret? And if I should be passing it from client to server, what is the best way to do that?

As you can see, Passport takes care of passing session info from client to server, but req.secret is still undefined:

There are 0 answers
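
The signing scheme behind the `secret` option, as an added example that is not part of the original post and is not express-session's own code: the secret stays on the server and is used to HMAC the session ID placed in the cookie, so the client only ever sends the signed cookie back. The secret and session ID are constructed sample values, the function names are hypothetical, and URL-encoding of the cookie value is omitted.

```javascript
// Re-implementation of the signed session cookie format with Node's crypto module.
const crypto = require('crypto');

// Server-side only. Constructed sample value; load the real one from the environment.
const SECRET = 'constructed-sample-secret';

// HMAC-SHA256 over the session ID, base64 without '=' padding.
function mac(sessionId, secret) {
  return crypto.createHmac('sha256', secret).update(sessionId)
    .digest('base64').replace(/=+$/, '');
}

// What the server puts in Set-Cookie: "s:<sessionId>.<mac>". The secret is not in it.
function signCookie(sessionId, secret) {
  return 's:' + sessionId + '.' + mac(sessionId, secret);
}

// What the server does with the Cookie header on each later request.
// Returns the session ID if the MAC matches, otherwise false.
function unsignCookie(cookieValue, secret) {
  if (typeof cookieValue !== 'string' || !cookieValue.startsWith('s:')) return false;
  const body = cookieValue.slice(2);
  const dot = body.lastIndexOf('.');
  if (dot < 1) return false;
  const sessionId = body.slice(0, dot);
  const expected = Buffer.from(mac(sessionId, secret));
  const given = Buffer.from(body.slice(dot + 1));
  // timingSafeEqual throws on length mismatch, so check length first.
  if (given.length !== expected.length) return false;
  return crypto.timingSafeEqual(given, expected) ? sessionId : false;
}

// Constructed walk-through of one browser/server exchange.
function demo() {
  const sessionId = 'constructed-session-id-123';
  const cookie = signCookie(sessionId, SECRET);
  const tampered = cookie.replace('123', '124'); // client edits the ID
  return {
    cookie,
    accepted: unsignCookie(cookie, SECRET),
    tamperedResult: unsignCookie(tampered, SECRET),
    wrongSecret: unsignCookie(cookie, 'some-other-secret'),
  };
}

console.log(demo());
```

A cookie whose ID was edited, or one signed under a different secret, fails verification and is treated as having no session.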