Merge pull request #585 from getmaxun/session-env

feat: use env var for session store store
2025-05-06 19:11:35 +05:30
parent 9433860b2d 456c5cc450
commit fcbc067370
3 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@@ -7,6 +7,8 @@ DB_PASSWORD=postgres                    # PostgreSQL password
 DB_HOST=postgres                        # Host for PostgreSQL in Docker
 DB_PORT=5432                            # Port for PostgreSQL (default: 5432)
 ENCRYPTION_KEY=f4d5e6a7b8c9d0e1f23456789abcdef01234567890abcdef123456789abcdef0      # Key for encrypting sensitive data (passwords and proxies)
+SESSION_SECRET=maxun_session # A strong, random string used to sign session cookies. Recommended to define your own session secret to avoid session hijacking.
+
 MINIO_ENDPOINT=minio                    # MinIO endpoint in Docker
 MINIO_PORT=9000                         # Port for MinIO (default: 9000)
 MINIO_CONSOLE_PORT=9001                 # Web UI Port for MinIO (default: 9001)
--- a/README.md
+++ b/README.md
@@ -98,6 +98,7 @@ You can access the frontend at http://localhost:5173/ and backend at http://loca
 | `DB_HOST`             | Yes       | Host address where the Postgres database server is running.                                  | Database connection will fail.                               |
 | `DB_PORT`             | Yes       | Port number used to connect to the Postgres database server.                                 | Database connection will fail.                               |
 | `ENCRYPTION_KEY`      | Yes       | Key used for encrypting sensitive data (proxies, passwords).                                 | Encryption functionality will not work.                      |
+| `SESSION_SECRET`      | No       | A strong, random string used to sign session cookies                                          | Uses default secret. Recommended to define your own session secret to avoid session hijacking.  |
 | `MINIO_ENDPOINT`      | Yes       | Endpoint URL for MinIO, to store Robot Run Screenshots.                                      | Connection to MinIO storage will fail.                       |
 | `MINIO_PORT`          | Yes       | Port number for MinIO service.                                                               | Connection to MinIO storage will fail.                       |
 | `MINIO_CONSOLE_PORT`          | No       | Port number for MinIO WebUI service. Needed for Docker setup.                         | Cannot access MinIO Web UI. |
--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -60,7 +60,7 @@ const sessionStore = new PgSession({
 app.use(
  session({
    store: sessionStore,
-    secret: 'mx-session',
+    secret: process.env.SESSION_SECRET || 'mx-session',
    resave: false,
    saveUninitialized: false,
    cookie: {