会话的“秘密”是什么？选项？ [英] What is the session's "secret" option?

问题描述

我对加密一无所知。我想知道会话机密是什么。

I don't know anything about cryptography. I'm wondering what the session secret is.

我看到这样的代码：

app.use(express.session({
  store: mongoStore({
    url: app.set('db-uri')
  }),
  secret: 'topsecret'
}));

什么是秘密，我应该更改吗？

What is the secret and should I change it?

推荐答案

是的，您应该更改它。 connect中的会话机密仅用于计算哈希。没有字符串，对会话的访问实质上将被拒绝。看看连接文档，应该会有所帮助。

Yes, you should change it. A session secret in connect is simply used to compute the hash. Without the string, access to the session would essentially be "denied". Take a look at the connect docs, that should help a little bit.

这篇关于会话的“秘密”是什么？选项？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！