What is the use of app.keys?

koajs / session

Simple session middleware for koa

MIT License

902 stars 113 forks source link

Closed vincent-yao27 closed 7 years ago

vincent-yao27 commented 7 years ago

There is no description about app.keys defined in the example. I wonder what's the use of it and if it's a must?

dead-horse commented 7 years ago

you should set app.keys to sign the cookie, so user can not modify your cookie from browser

vincent-yao27 commented 7 years ago

thx. 😉 besides, is there any way else to pass the keys to session. adding a property to app feels a bit of strange.

vincent-yao27 commented 7 years ago

SORRY!! i didn't look up the docs of Koa 😢 it's totally my fault. thank you so much

ilaipi commented 6 years ago

it seems koa will pass the app.keys to cookies lib, pillarjs/cookies

cookies = new Cookies( request, response, [ options ] )

# lib/application.js
context.cookies = new Cookies(req, res, {
    keys: this.keys,
    secure: request.secure
});

I think this is the truth.