Login/Register
express-session deprecated req.secret; provide secret option app.js:27:9
Asked Answered
deprecatedexpress-session
A

9

16

I typed npm start to run my program but this is the comment that U received in the terminal: express-session deprecated req.secret; provide secret option app.js:27:9. I don't understand how this issue needs to be fixed. This is the code from app.js:27:9

app.use(session({
    store: new FileStore(),
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: true,
    is_logged_in: false,
}))
Allhallowmas answered 14/8, 2020 at 17:22 Comment(2)
check the existence of SESSION_SECRETElliott
tldr; express-session was not given your secret. the value in process.env.SESSION_SECRET (or whatever you passed to the secret option) is empty.Abysmal
D
27

Make sure you added the SESSION_SECRET in .env file. If yes, then in your app.js, add this

const dotenv = require('dotenv').config()

Drone answered 29/10, 2020 at 10:39 Comment(1)
Make sure dotenv is installed: npm i dotenvBon
S
4

You need to load all your environment variables. at line one on the server.js file write this...

if (process.env.NODE_ENV !== 'production') { require('dotenv').config() }

Sihun answered 6/7, 2022 at 18:34 Comment(0)
G
2

I had this same issue and the culprit was adding the SESSION_SECRET to my .env file.

Galibi answered 5/3, 2022 at 23:26 Comment(0)
H
1

If you are on running on Linux server: Add environment variables here

edit /etc/environment

Add:

export SESSION_SECRET="Ssdsd@#e$#Rfe@#$d#$#"

You can check if this is correct created with:

printenv or printenv SESSION_SECRET

..and yes, and in your express:

const dotenv = require('dotenv').config() 

app.use(session({
    secret: process.env.SESSION_SECRET
});
Hostetler answered 13/2, 2021 at 7:15 Comment(2)
I have added .env file and dotenv package config too. but i still get deprecated warning message ' express-session deprecated req.secret; provide secret option'. I found that env variable value was some how empty i have modified the line secret: process.env.SESSION_SECRET || 'myvaluehere' and now warning gone away. thanksThrift
but what's the use of writing secret : process.env.SESSION_SECRET || 'myvaluehere'. we use dotenv to hide the secrets and by doing the thing that you mentioned the vaule is easily accessible to the person who opens the app.js. Instead you could have written it directly and not used dotenvRawdon
H
0

If you added the SESSION_SECRET in your .env file already(SESSION_SECRET='this is my session'),then do require dotenv in your app.js file similar to the following:

const dotenv = require('dotenv').config({path:'./.env'});

mentioning path is important otherwise it's not detecting SESSION_SECRET from .env file.

Helbonia answered 16/12, 2021 at 13:3 Comment(0)
H
0

I was facing the same problem go checkout wether your .env and .gitignore files are in the same folder where server.js is .

Hickey answered 23/4, 2022 at 9:48 Comment(1)
As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.Contingency
P
0

My solution:

Create file: config.js

const cfg = {
    ...,
    secured_key: '06vUSNEzq1z9U476UrMEx7xIOPGYfu2m',
    ...
}

module.exports = cfg;

In app.js

...
const cfg = require('./config');
...

app.use(session({
    secret: cfg.secured_key,
    resave: false,
    saveUninitialized: false
}));
...

This error resolve.

Phyla answered 29/7, 2022 at 2:55 Comment(0)
L
0

I have had the similar issue and have used this code below to resolve it:

dotenv.config({ path: path.resolve(__dirname, "../config.env") });
Lyndonlyndsay answered 28/5, 2024 at 12:41 Comment(0)
F
-1

Put the dotenv config up the lines where you are exporting the files, for example:

const express = require("express"); require("dotenv").config(); const dbConnect = require("./config/mongo"); const userSession = require("./config/session");
Fermin answered 17/6, 2023 at 1:8 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.