Session: deprecation issue?

Created on 29 Jan 2015  路  8Comments  路  Source: expressjs/session

I don't know why but I can't shake this issue and I read through any other issue pertaining to this. ie: #100 but it hasn't helped :cry:

var express, expressSession, app, aSecret, port, server;
express = require('express');
expressSession = require('express-session');
app = module.exports = express();
aSecret = process.env.cookie;
app.use(expressSession({
  secret: aSecret,
  resave: false,
  saveUninitialized: true,
  cookie: {
    path: '/',
    httpOnly: true
  }
}));
app.route('*').get(function(req, res){
  return res.send('ok');
});
if (!module.parent && (process.env.HTTP != null || process.env.PORT != null)) {
  port = (process.env.HTTP || process.env.PORT) || (yargs.argv.http || yargs.argv.port);
  console.log('Server started on port ' + port + ' at ' + new Date(Date.now()));
  server = app.listen(port);
}

what am I doing wrong? I thought this is how to pass secret to express-session?


I keep getting:

express-session deprecated req.secret; provide secret option app.js:6:9
question

Most helpful comment

It's very likely that if you console.dir(aSecret), it's an empty string.

All 8 comments

It's very likely that if you console.dir(aSecret), it's an empty string.

darn it I thought I checked that already; woops thanks!

@dougwilson same mistake..hehe thanks

Ran into this error today as well. Perhaps there can be a better error message here?

@tnguyen14 do you have an idea for what would make the error message better? Suggested edits are welcome!

Same here, thought it was deprecated but was actually an empty string.

Could always switch deprecation to:

express-session warning req.secret; please provide session secret

or

express-session warning req.secret; session secret undefined or blank ?

It's very likely that if you console.dir(aSecret), it's an empty string.

@dougwilson Thanks, i was not setting the env variables on heroku

It's been almost 5 years, and we still have the same error message suggesting that the method we are using is deprecated but, in actuality, is just undefined.

Was this page helpful?
0 / 5 - 0 ratings