configuring express session to use a secret defined in the config file,

not a hard coded one
12 years ago · 70d3105a8e
parent 924618fc29
commit 70d3105a8e
2 changed files with 2 additions and 1 deletions
--- a/config.default.js
+++ b/config.default.js
@ -1,4 +1,5 @@
 var config = {
+	"secret": 'nodebb-secret',
 	"base_url": "http://localhost",
 	"port": 4567,
 	"mailer": {
--- a/src/webserver.js
+++ b/src/webserver.js
@ -29,7 +29,7 @@ var express = require('express'),
 			client: redisServer,
 			ttl: 60*60*24*14
 		}),
-		secret: 'nodebb',
+		secret: config.secret,
 		key: 'express.sid'
 	}));
 	app.use(function(req, res, next) {