Properties of Cookies and Environment file

Properties of Cookies🍪

secret

String of text to sign the cookies. Verifies the browser got the cookies from OUR backend. Prevents session highjack.

app.use(session({
	secret: 
});

Domain

Shows the what kind of backend gave the cookie. The cookies made from the domain only transport in between the specific backend and the browser.

Path

URL

Expires

Shows session has experiration date. If the specific expiration date is not set, it is going to be set as session cookie. And session cookie ends when browser is closed, or computer is turned off.

maxAge

Setting how long the cookies will be saved on the browser. The unit is in millioseconds.

Securing sensitive files like dbURL and cookie secret

environment file

This fine will going to contain some code which is not supposed to be open to anybody for the security reason. (Not in the git or github too)

1. Make a .env file
2. Write .env in the .gitignore
3. Everything in the .env file is written in uppercase.

   COOKIE_SECRET=alskdmf12mlf49smlekfmwlek2
    DB_URL=writeDBUrl

4. how to process .env file?

   app.use(
       session({
           secret: process.env.COOKIE_SECRET,
           store: MongoStore.create({ mongoUrl: process.env.DB_URL }),
       })
   )

But this won't work because NodeJS can not read .env file. So we have to install a package called dotenv.

dotenv

A package which will read .env file and put the data inside the process.env.

1. install i dotenv

2. npm docs say the dotenv config should be coded early as possible in the application. If you see the package.json,

   "scripts": {
       "dev": "nodemon --exec babel-node src/init.js"

   we can see init.js file is very first file to start the application.

3. Type import "dotenv/config"; (or you can write require("dotenv").config(); to every file has .env variables (but that's too much repeats)