Skip to content

Commit 216fc1b

Browse files
Merge pull request #253 from KotapatiSaiMounika/fix-session-secret
Fix hardcoded Express session secret
2 parents 7b644bf + 94a0dbb commit 216fc1b

2 files changed

Lines changed: 8 additions & 2 deletions

File tree

backend/.env.example

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,4 +15,6 @@ CLOUDINARY_API_SECRET=your_api_secret
1515
EMAIL_USER=youremail@gmail.com
1616
EMAIL_PASS=yourapppassword
1717

18-
NODE_ENV=development # "development" for local or "production" for deployment
18+
NODE_ENV=development # "development" for local or "production" for deployment
19+
20+
SESSION_SECRET=replace_with_secure_random_secret

backend/index.js

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,9 +36,13 @@ connectDB();
3636

3737
app.use(bodyParser.json());
3838

39+
if (!process.env.SESSION_SECRET) {
40+
throw new Error("SESSION_SECRET environment variable is required");
41+
}
42+
3943
app.use(
4044
session({
41-
secret: "keyboard cat",
45+
secret: process.env.SESSION_SECRET,
4246
resave: false,
4347
saveUninitialized: false,
4448
cookie: {

0 commit comments

Comments
 (0)