Can someone explain to me where the middleware is requiring a secret string? Also, if I set a secret key/value pair in the passport.session options I am still getting the same error message
This is the code
// using pug since a view engine is required by express
app.set('views', __dirname)
app.set('view engine', 'pug')
// cookie-parser receives secretConfig here; it uses that value for signed cookies.
// NOTE(review): nothing in this snippet passes a secret to a session middleware.
app.use(cookieParser(secretConfig))
// parse application/json
app.use(bodyParser.json())
// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }))
app.use(passport.initialize());
// NOTE(review): resave and saveUninitialized are express-session options and
// failureFlash is a passport.authenticate option. No express-session middleware
// is registered in this snippet, so there is no session store or session secret
// for passport.session to rely on here.
app.use(passport.session({
resave: false,
saveUninitialized: true,
failureFlash: true
}));
//app.use(flash());
// Load the REST endpoints
app.use('/api', require('./endpoints/whatever/router'))
app.use('/api', require('./endpoints/login/router'))
// app.use('/api', require('./users/router'))
// Repeat the above line for additional model areas ("deals", "vehicles", etc)
// NOTE(review): graphiql: true serves the interactive GraphiQL UI on /graphql, and
// no authentication middleware is visible in front of this route. Confirm that
// GraphiQL is turned off and access is restricted outside development.
app.use('/graphql', graphqlHTTP({
schema: schema,
rootValue: root,
graphiql: true
}));
This doesn't look right to me:
// NOTE(review): resave and saveUninitialized are express-session options and
// failureFlash is a passport.authenticate option; this call configures no
// session secret.
app.use(passport.session({
resave: false,
saveUninitialized: true,
failureFlash: true
}));
I believe you need something like this:
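const session = require('express-session');

// express-session must be registered before passport.session(): it creates the
// session and signs the session ID cookie with `secret`.
app.use(session({
  resave: false,
  // NOTE(review): saveUninitialized: true stores a session for every visitor,
  // including ones who never log in; consider false unless that is needed.
  saveUninitialized: true,
  // Placeholder value. Load a long, random secret from configuration or the
  // environment rather than committing it to source control.
  secret: 'secret here'
}));
app.use(passport.initialize());
// Restores the logged-in user from the session set up above; it takes none of
// the express-session options.
app.use(passport.session());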
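Even though you mention 'Express-Session' in your title, the code sample you posted doesn't actually use it. express-session is not the same thing as passport.session. The secret is required by express-session, which uses it to sign the session ID cookie; passport.session() only restores the logged-in user from a session that express-session has already set up.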
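Unless you're using it for something else, you can also remove cookie-parser, as the latest version of express-session doesn't need it. If you do keep it, give it the same secret as express-session, since mismatched secrets between the two can cause problems with the session cookie.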