String of text used to sign the cookies. It verifies that the browser got the cookies from OUR backend. Prevents session hijacking.
app.use(
  session({
    secret: "<secret string>", // placeholder: the string of text used to sign the cookie
  })
);
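What signing with the secret buys, as an added example (not part of the original notes and not express-session's own code): the backend appends an HMAC of the cookie value, keyed with the secret, and rejects any cookie whose signature does not verify. The function names and sample values are constructed for illustration, and only Node's built-in crypto module is used.

```javascript
// Added illustration: HMAC-signed cookie values with Node's built-in crypto.
const nodeCrypto = require("node:crypto");

// Constructed sample values, not real secrets.
const SAMPLE_SECRET = "constructed-sample-secret";
const SAMPLE_SESSION_ID = "constructed-session-id-123";

// Signature: HMAC-SHA256 over the value, keyed with the secret.
function mac(value, secret) {
  return nodeCrypto.createHmac("sha256", secret).update(value).digest("hex");
}

// What the backend sends to the browser: "<value>.<signature>".
function signCookie(value, secret) {
  return `${value}.${mac(value, secret)}`;
}

// What the backend does on each request: recompute the signature and compare.
// Returns the original value, or false if the signature does not match.
function unsignCookie(signed, secret) {
  const dot = signed.lastIndexOf(".");
  if (dot === -1) return false; // no signature at all
  const value = signed.slice(0, dot);
  const given = Buffer.from(signed.slice(dot + 1));
  const expected = Buffer.from(mac(value, secret));
  // timingSafeEqual throws on a length mismatch, so check the length first.
  if (given.length !== expected.length) return false;
  return nodeCrypto.timingSafeEqual(given, expected) ? value : false;
}

function demo() {
  const cookie = signCookie(SAMPLE_SESSION_ID, SAMPLE_SECRET);
  const tampered = cookie.replace("123", "999"); // value changed, signature kept
  return {
    genuine: unsignCookie(cookie, SAMPLE_SECRET),
    tampered: unsignCookie(tampered, SAMPLE_SECRET),
    wrongSecret: unsignCookie(cookie, "another-secret"),
    unsigned: unsignCookie(SAMPLE_SESSION_ID, SAMPLE_SECRET),
  };
}

console.log(demo());
```

Anyone who knows the secret can produce a valid signature, which is why the secret has to stay out of the repository.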
Shows which backend gave the cookie. Cookies made for a domain only travel between that specific backend and the browser.
URL
Shows the session's expiration date. If a specific expiration date is not set, the cookie is set as a session cookie. A session cookie ends when the browser is closed or the computer is turned off.
Sets how long the cookies will be saved in the browser. The unit is milliseconds.
This file is going to contain code that is not supposed to be open to anybody, for security reasons. (Not in git or GitHub either.)
.env file
.env goes in the .gitignore
Variables in the .env file are written in uppercase.
COOKIE_SECRET=alskdmf12mlf49smlekfmwlek2
DB_URL=writeDBUrl
.env file?
app.use(
  session({
    secret: process.env.COOKIE_SECRET,
    store: MongoStore.create({ mongoUrl: process.env.DB_URL }),
  })
);
But this won't work, because NodeJS cannot read the .env file. So we have to install a package called dotenv.
It is a package that reads the .env file and puts the data inside process.env.
npm i dotenv
The npm docs say the dotenv config should be loaded as early as possible in the application. If you look at package.json,
"scripts": {
  "dev": "nodemon --exec babel-node src/init.js"
}
we can see that init.js is the very first file to run when the application starts.
Type import "dotenv/config"; in init.js
(or you can write require("dotenv").config(); in every file that uses .env variables, but that's too much repetition).