Should the keys property of cookie-session in Express.js be random?

Time:10-31

I have the following code:

app.use(cookieSession({
    name: 'cookie_name',
    secret: process.env.COOKIE_SECRET,
    keys: [v4(), v4()],
    secure: cookie_secure,
    httpOnly: true,
    sameSite: true,
    signed: true,
    maxAge: 24 * 60 * 60 * 1000 // 24 hours
}))

In the above code, v4() is from the uuid library and will generate a random UUIDv4.

My question is pretty simple. Do I want it to be a random number, or should I manually set the keys value? I know that the secret is meant as a single key replacement for the keys value, but I can't get it to work without keys being specified.

CodePudding user response:

No, it never has to be random. It only has to be "secure enough"... It's a broad statement, but anything better than "AAA" or "123" should suffice. You CAN use a random number every time, but you can also choose to manually set it.
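
What the choice between keys generated at each start and fixed keys changes in practice, shown as an added example that is not part of the original post and is not cookie-session's own code. It is a simplified model of key-list signing (sign with the first key, accept any listed key, which is how Keygrip, the signing library behind cookie-session, treats `keys`) using HMAC-SHA256 from Node's crypto module. `COOKIE_KEYS` and the 32-character minimum are assumptions.

```javascript
// Added example: simplified model of key-list cookie signing (not cookie-session's code).
const { createHmac, randomUUID, timingSafeEqual } = require('node:crypto');

// Sign with the first key only; the remaining keys exist for verification.
function sign(value, keys) {
  return createHmac('sha256', keys[0]).update(value).digest('base64url');
}

// Return the index of the key that verifies the signature, or -1 if none does.
function verify(value, sig, keys) {
  const got = Buffer.from(sig, 'base64url');
  return keys.findIndex((key) => {
    const want = createHmac('sha256', key).update(value).digest();
    return got.length === want.length && timingSafeEqual(got, want);
  });
}

// Load keys from configuration, newest first. COOKIE_KEYS is a hypothetical
// comma-separated variable and the 32-character minimum is an assumed policy;
// refuse to start rather than fall back to a weak default.
function loadKeys(env) {
  const keys = (env.COOKIE_KEYS || '').split(',').map((k) => k.trim()).filter(Boolean);
  if (keys.length === 0 || keys.some((k) => k.length < 32)) {
    throw new Error('COOKIE_KEYS must hold one or more keys of at least 32 characters');
  }
  return keys;
}

// Constructed sample data.
const session = 'eyJ1c2VyIjoiYWxpY2UifQ'; // base64url of {"user":"alice"}
const oldKey = 'constructed-sample-key-0000000000000001';
const newKey = 'constructed-sample-key-0000000000000002';

function demo() {
  // Case 1: keys regenerated at each start, as with keys: [v4(), v4()].
  const bootA = [randomUUID(), randomUUID()];
  const bootB = [randomUUID(), randomUUID()];
  const afterRestart = verify(session, sign(session, bootA), bootB); // session lost

  // Case 2: fixed keys from configuration, rotated by prepending the new key.
  const before = loadKeys({ COOKIE_KEYS: oldKey });
  const after = loadKeys({ COOKIE_KEYS: `${newKey},${oldKey}` });
  const sigOld = sign(session, before);
  const afterRotation = verify(session, sigOld, after); // old key still accepted
  const tampered = verify(session + 'x', sigOld, after); // modified value rejected
  return { afterRestart, afterRotation, tampered };
}

console.log(demo());
```

The same effect as a restart appears when several server instances each generate their own keys: a cookie signed by one instance fails verification on the others.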
