Keystone-classic: Please provide a `cookie secret` value for session encryption.

Created on 13 Oct 2017  Â·  8Comments  Â·  Source: keystonejs/keystone-classic

Hi Team:
Here is the problem I encountered。

1.I create the project on local,Installation and execution are normal。
2.I submit it to github
3.I login to my vps, then I use git pull to get the project from github.
4.on my vps, I executenpm install then npm start

at this time,The console reported the following information:

KeystoneJS Configuration Error:

Please provide a `cookie secret` value for session encryption.

Why the local is normal,but the vps is exception?

vps: vultr
vps system: CentOS Linux release 7.3.1611 (Core)
node: v8.7.0

documentation question
Source
picture deineryao

Most helpful comment

The .gitignore ignores the file .env. That file has the cookie secret in it. Create that file with the secret in it on the server and it should work

picture internetErik on 13 Oct 2017
👍6

All 8 comments

The .gitignore ignores the file .env. That file has the cookie secret in it. Create that file with the secret in it on the server and it should work

internetErik picture internetErik on 13 Oct 2017
👍6

you are right @internetErik , thank you

deineryao picture deineryao on 18 Oct 2017

@deineryao you can close this issue now, thanks!

htor picture htor on 30 Apr 2018

So we make up the cookie secret or where do we get it? and is there any syntax for the cookie secret?

BuiKimPhat picture BuiKimPhat on 14 May 2018

@BuiKimPhat yes, you make it up. the more random, the better.

htor picture htor on 14 May 2018

Is there any syntax for this, like: cookie-secret=?????

Vào 15:14 Th 2, 14 thg 5 2018 htor notifications@github.com đã viết:

@BuiKimPhat https://github.com/BuiKimPhat yes, you make it up. the more
random, the better.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/keystonejs/keystone/issues/4463#issuecomment-388733514,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AiEKPsRqg7r0H9ahDOuR5v8ZWlyMqJqpks5tyTzfgaJpZM4P4IUE
.

BuiKimPhat picture BuiKimPhat on 14 May 2018

in my .env I use it like 

COOKIE_SECRET=random-string-here
theraaz picture theraaz on 5 Jun 2018
👍1

The cookie secret is a random string value passed through to Express' cookie parser for signing cookies. This value should be unique for every deployment environment.

Typically this value is set in your project .env file using COOKIE_SECRET=.. (as suggested by @theraaz), but technically you can set in the host environment using whatever means is appropriate (for example, ENV in a Dockerfile).

As mentioned by @internetErik, the .env file is intentionally excluded from git check-in (via .gitignore) so you don't accidentally share the secret used to sign your cookies between different environments.

Regards,
Stennie

stennie picture stennie on 6 Jun 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kamontat picture kamontat  Â·  5Comments
webteckie picture webteckie  Â·  5Comments
joernroeder picture joernroeder  Â·  5Comments
zhdan88vadim picture zhdan88vadim  Â·  5Comments
jacqueslareau picture jacqueslareau  Â·  5Comments