11

I typed npm start to run my program but this is the comment that U received in the terminal: express-session deprecated req.secret; provide secret option app.js:27:9. I don't understand how this issue needs to be fixed. This is the code from app.js:27:9

app.use(session({
    store: new FileStore(),
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: true,
    is_logged_in: false,
}))
Rhonda Mckenney
  • 129
  • 1
  • 1
  • 5

8 Answers8

22

Make sure you added the SESSION_SECRET in .env file. If yes, then in your app.js, add this

const dotenv = require('dotenv').config()

Nitin Khandagale
  • 413
  • 5
  • 14
2

You need to load all your environment variables. at line one on the server.js file write this...

if (process.env.NODE_ENV !== 'production') { require('dotenv').config() }

Tsogang Mosweswe
  • 21
  • 1
1

I had this same issue and the culprit was adding the SESSION_SECRET to my .env file.

Tyler2P
  • 2,324
  • 26
  • 22
  • 31
AAMCODE
  • 415
  • 1
  • 7
  • 20
0

If you are on running on Linux server: Add environment variables here

edit /etc/environment

Add:

export SESSION_SECRET="Ssdsd@#e$#Rfe@#$d#$#"

You can check if this is correct created with:

printenv or printenv SESSION_SECRET

..and yes, and in your express:

const dotenv = require('dotenv').config() 

app.use(session({
    secret: process.env.SESSION_SECRET
});
Carnaru Valentin
  • 1,690
  • 17
  • 27
  • 1
    I have added .env file and dotenv package config too. but i still get deprecated warning message ' express-session deprecated req.secret; provide secret option'. I found that env variable value was some how empty i have modified the line secret: process.env.SESSION_SECRET || 'myvaluehere' and now warning gone away. thanks – Brainwash May 02 '21 at 17:18
  • but what's the use of writing secret : process.env.SESSION_SECRET || 'myvaluehere'. we use dotenv to hide the secrets and by doing the thing that you mentioned the vaule is easily accessible to the person who opens the app.js. Instead you could have written it directly and not used dotenv – Atharva Dhamale May 28 '21 at 08:32
0

If you added the SESSION_SECRET in your .env file already(SESSION_SECRET='this is my session'),then do require dotenv in your app.js file similar to the following:

const dotenv = require('dotenv').config({path:'./.env'});

mentioning path is important otherwise it's not detecting SESSION_SECRET from .env file.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Debankita Dutta
  • 11
  • 1
0

I was facing the same problem go checkout wether your .env and .gitignore files are in the same folder where server.js is .

Zain Abbas
  • 1
  • 1
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 23 '22 at 10:08
0

My solution:

Create file: config.js

const cfg = {
    ...,
    secured_key: '06vUSNEzq1z9U476UrMEx7xIOPGYfu2m',
    ...
}

module.exports = cfg;

In app.js

...
const cfg = require('./config');
...

app.use(session({
    secret: cfg.secured_key,
    resave: false,
    saveUninitialized: false
}));
...

This error resolve.

Dũng IT
  • 2,751
  • 30
  • 29
-1

Put the dotenv config up the lines where you are exporting the files, for example:

const express = require("express"); require("dotenv").config(); const dbConnect = require("./config/mongo"); const userSession = require("./config/session");
Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
CERNAS HERNANDEZ ANGEL ALEXIS
  • 1