re: Express.js, Cookies, Sessions, OAuth, and Redirects VIEW POST

FULL DISCUSSION
 

I hope you're not using random secret in the production as you showed in the code snippet. It would not maintain the sessions across server restarts!

 

I am. The application is not in production and I do want sessions to be flushed during restarts. Easiest way to flush the sessions is to use a random secret token.

 

Never thought about that. Would be rather annoying if you're using nodemon and your session gets flushed everytime you save a file though, you'd have to log back in all the time.

I'm not reloading the application on every save. My local setup only requires recompiling frontend assets so the backend sessions aren't flushed on every save. They're only flushed when I recompile the backend and restart. When I start working on the backend again I will probably rethink the session flushing strategy.

code of conduct - report abuse