I am studying back-end programming, specifically with Node.js and ExpressJS and currently it baffles me how does the "keys" prop of cookie-session library help us? What is the point of it? Have been reading a lot of different materials related to authentication, sessions and etc, but the answer to this particular question remains to be ambiguous to me.

Could someone give me an in-depth explanation, preferably both ways: in simple terms and using programming lexicon, regarding this topic?

to explain it in simple terms:

it's essentially using different keys (rotating the keys) every certain time period to encrypt the data; so that the data breach from one key can be contained/limited; or let's say a key can be cracked in x months, then rotating the key - using a different key every x-1 months to reduce the probability of data being compromised.

This question actually belongs to crypto stack exchange and is kinda hard to describe and out of the scope to include in the docs. The search also doesn't return any accurate and results unless you search specifically for methods/algorithms of key rotation.

visit these to get some conceptual overview and in-depth examples:

• What's the purpose of key-rotation? (recommended)
• Key Rotation for Authenticated Encryption

And these for more in-depth technical and mathematical reference:

• Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits?

• Fast and Secure Updatable Encryption

Whatever values (inside the array) are provided for keys prop are used to encrypt and decrypt the user.id / sessions.id that we store in the cookie of our browser.