Add cookie secrets to env

README.md

@@ -65,25 +65,36 @@ Edit your .env file with the following API keys accordingly (if you only use ema
 ```
 
 MONGOHQ_URL='mongodb://localhost:27017/freecodecamp'
-BLOGGER_KEY=stuff
+
 FACEBOOK_ID=stuff
 FACEBOOK_SECRET=stuff
+
 GITHUB_ID=stuff
 GITHUB_SECRET=stuff
+
 GOOGLE_ID=stuff
 GOOGLE_SECRET=stuff
+
 LINKEDIN_ID=stuff
 LINKEDIN_SECRET=stuff
+
 MANDRILL_PASSWORD=stuff
 MANDRILL_USER=stuff
-SESSION_SECRET=secretstuff
+
 TRELLO_KEY=stuff
 TRELLO_SECRET=stuff
+
 TWITTER_KEY=stuff
 TWITTER_SECRET=stuff
 TWITTER_TOKEN=stuff
 TWITTER_TOKEN_SECRET=stuff
+
+BLOGGER_KEY=stuff
 SLACK_WEBHOOK=stuff
+
+SESSION_SECRET=secretstuff
+COOKIE_SECRET='this is a secret'
+
 PEER=stuff
 DEBUG=true
 

config/secrets.js

@@ -60,4 +60,6 @@ module.exports = {
     passReqToCallback: true
   },
   slackHook: process.env.SLACK_WEBHOOK,
+
+  cookieSecret: process.env.COOKIE_SECRET
 };

server/server.js

@@ -65,7 +65,7 @@ app.use(expressValidator({
   }
 }));
 app.use(methodOverride());
-app.use(cookieParser());
+app.use(cookieParser(secrets.cookieSecret));
 app.use(session({
   resave: true,
   saveUninitialized: true,