Added note to update session secret

2019-10-26 11:17:29 +10:30 · 2019-10-26 11:17:29 +10:30 · 3c9a86306a
parent 87d40aa70c
commit 3c9a86306a
2 changed files with 17 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -140,6 +140,22 @@ Settings can be managed from the admin panel ([http://127.0.0.1:1111/admin](http

 All settings are stored in json files in the `/config` directory. The main application-level settings are stored in `/config/settings.json` while payment gateway settings are stored in files in the `/config` directory named after the payment gateway. For example, configuration for the Stripe payment gateway is stored in `/config/stripe.json`.

+> When using in production be sure to update the session secret in `app.js` to a safe random string. Eg:
+
+```
+app.use(session({
+    resave: true,
+    saveUninitialized: true,
+    secret: 'UPDATE_TO_RANDOM_STRING',
+    cookie: {
+        path: '/',
+        httpOnly: true,
+        maxAge: 900000
+    },
+    store: store
+}));
+```
+
 ##### Local configuration

 If you'd rather store settings in a file which isn't checked into version control, you can create a new settings file at `/config/settings-local.json` and store your complete settings there. When viewing or editing settings in the admin panel, expressCart will detect the existence of this file and update it accordingly.
--- a/app.js
+++ b/app.js
@ -243,7 +243,7 @@ app.use(cookieParser('5TOCyfH3HuszKGzFZntk'));
 app.use(session({
    resave: true,
    saveUninitialized: true,
-    secret: 'pAgGxo8Hzg7PFlv1HpO8Eg0Y6xtP7zYx',
+    secret: 'UPDATE_TO_RANDOM_STRING',
    cookie: {
        path: '/',
        httpOnly: true,