Yes, you should change it. A session secret in connect is simply used to **compute the hash**. Without the string, access to the session would essentially be &quot;denied&quot;. Take a look at the [connect docs][1], that should help a little bit.



  [1]: http://www.senchalabs.org/connect/session.html

The secret is used to hash the session with HMAC:

https://github.com/senchalabs/connect/blob/master/lib/middleware/session.js#L256

The session is then protected against session hijacking by checking the fingerprint against the hash with the secret:

https://github.com/senchalabs/connect/blob/master/lib/middleware/session.js#L281-L287

I have installed java in my *CentOS release 5.5* machine using the command `yum install java`. But I am unable to compile a class using javac.

Do I need to install any other package? 

I have tried to locate the `javac` executable but i am unable to locate it.

`/usr/bin/java` is linked as follows:  
`/usr/bin/java` -&gt; `/etc/alternatives/java`  
`/etc/alternatives/java` -&gt; `/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java`

I have seen the following output by `yum list installed |grep java`:

    java-1.6.0-openjdk.x86_64              1:1.6.0.0-1.16.b17.el5          installed
    tzdata-java.x86_64                     2011b-1.el5                     installed


javac : command not found

Is there a way to quickly capitalize the variable name in Eclipse

I don&#39;t know anything about cryptography. I&#39;m wondering what the session secret is.

I see code like this:

    app.use(express.session({
      store: mongoStore({
        url: app.set(&#39;db-uri&#39;)
      }),
      secret: &#39;topsecret&#39;
    }));

What is the secret and should I change it?


What is the session&#39;s &quot;secret&quot; option?

I don't know anything about cryptography. I'm wondering what the session secret is.
I see code like this:
<pre><code class="hljs language-css">app.use(express.session({
 store: mongoStore({
 url: app.set('db-uri')
 }),
 secret: 'topsecret'
}));
</code></pre>
What is the secret and should I change it?

I have a website running on CentOS using the usual suspects (Apache, MySQL, and PHP). Since the time this website was originally launched, it has evolved quite a bit and now I&#39;d like to do fancier things with it—namely real-time notifications. From what I&#39;ve read, Apache handles this poorly. I&#39;m wondering if I can replace just Apache with Node.js (so instead of &quot;[LAMP](http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29)&quot; it would &quot;LNMP&quot;).

I&#39;ve tried searching online for a solution, but haven&#39;t found one. If I&#39;m correctly interpreting the things that I&#39;ve read, it seems that most people are saying that Node.js can replace both Apache and PHP together. I have a lot of existing PHP code, though, so I&#39;d prefer to keep it.

In case it&#39;s not already obvious, I&#39;m pretty confused and could use some enlightenment. Thanks very much!

Can I Replace Apache with Node.js?

How is V8 installed along with NodeJs? What version is my current V8 engine?

How to check which version of v8 is installed with my NodeJS?

How do I require all files in a folder in node.js?

need something like:

    files.forEach(function (v,k){
      // require routes
      require(&#39;./routes/&#39;+v);
    }};

node.js require all files in a folder?

In previous versions of Mongoose (for node.js) there was an option to use it without defining a schema

    var collection = mongoose.noSchema(db, &quot;User&quot;);

But in the current version the &quot;noSchema&quot; function has been removed. My schemas are likely to change often and really don&#39;t fit in with a defined schema so is there a new way to use schema-less models in mongoose?





How do you use Mongoose without defining a schema?

On the EJS github page, there is one and only one simple example: 
https://github.com/visionmedia/ejs

Example

    &lt;% if (user) { %&gt;
        &lt;h2&gt;&lt;%= user.name %&gt;&lt;/h2&gt;
    &lt;% } %&gt;

This seems to be checking for the existence of a variable named user, and if it exists, do some stuff.  Duh, right?

My question is, why in the world would Node throw a ReferenceError if the user variable doesn&#39;t exist?  This renders the above example useless.  What&#39;s the appropriate way to check for the existence of a variable? Am I expected to use a try/catch mechanism and grab that ReferenceError?  

    ReferenceError: user is not defined
        at IncomingMessage.anonymous (eval at &lt;anonymous&gt; (/usr/local/lib/node/.npm/ejs/0.3.1/package/lib/ejs.js:140:12))
        at IncomingMessage.&lt;anonymous&gt; (/usr/local/lib/node/.npm/ejs/0.3.1/package/lib/ejs.js:142:15)
        at Object.render (/usr/local/lib/node/.npm/ejs/0.3.1/package/lib/ejs.js:177:13)
        at ServerResponse.render (/usr/local/lib/node/.npm/express/1.0.7/package/lib/express/view.js:334:22)
        at Object.&lt;anonymous&gt; (/Users/me/Dropbox/Projects/myproject/server.js:188:9)
        at param (/usr/local/lib/node/.npm/connect/0.5.10/package/lib/connect/middleware/router.js:146:21)
        at pass (/usr/local/lib/node/.npm/connect/0.5.10/package/lib/connect/middleware/router.js:162:10)
        at /usr/local/lib/node/.npm/connect/0.5.10/package/lib/connect/middleware/router.js:152:27
        at Object.restrict (/Users/me/Dropbox/Projects/myproject/server.js:94:5)
        at param (/usr/local/lib/node/.npm/connect/0.5.10/package/lib/connect/middleware/router.js:146:21)

I understand that I could make this error go away by simply adding a &quot;user&quot; local variable in my server code, but the whole point here is that I want to check for the existence of such variables at runtime using your every day if/else nullcheck type pattern.  An exception for a variable that doesn&#39;t exist seems ridiculous to me.

What is the proper way to check for existence of variable in an EJS template (using ExpressJS)?

I was wondering when you would want to set the following page directive in a JSP:

`&lt;%@ page session=&quot;false&quot; %&gt;`

I know that it prevents the creation of the session object, but when would you need to do that? Is it considered a best practice when a JSP does not need to access the implicit session?


**NOTE**: *The reason why I ask, is because it was in this Spring MVC tutorial and I assume the springsource folks know their stuff* - http://blog.springsource.com/2011/01/04/green-beans-getting-started-with-spring-mvc/

Why set a JSP page session = &quot;false&quot; directive?

Using [Express.js][1], sessions are dead simple. I&#39;m curious how they actually work though.

Does it store some cookie on the client? If so, where can I find that cookie? If required, how do I decode it?

I basically want to be able to see if a user is logged in, even when the user is not actually on the site at the time (like how facebook knows you&#39;re logged in when you&#39;re on other sites). But I suppose to understand that I should first understand how sessions work.

  [1]: https://en.wikipedia.org/wiki/Express.js


How do sessions work in Express.js with Node.js?

I feel like this has to be buried somewhere in the documentation, but I can&#39;t find it. 

How do you close or end or kill (whatever) a session in ExpressJS?

How to end a session in ExpressJS

What is the best possible way to invalidate session within a JSF 2.0 application? I know JSF itself does not handle session. So far I could find 

    private void reset() {
        HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
                .getExternalContext().getSession(false);
        session.invalidate();
    }

 1. Is this method correct? Is there a way without touching the
    ServletAPI?
 2. Consider a scenario wherein a `@SessionScoped` UserBean handles the
    login-logout of a user. I have this method in the same bean. Now
    when I call the `reset()` method after I&#39;m done with necessary DB
    updates, what will happen to my current session scoped bean? since
    even the bean itself is stored in `HttpSession`?



How to invalidate session in JSF 2.0?

Is using sessions in a RESTful API really violating RESTfulness? I have seen many opinions going either direction, but I&#39;m not convinced that sessions are *RESTless*. From my point of view:

- authentication is not prohibited for RESTfulness (otherwise there&#39;d be little use in RESTful services)
- authentication is done by sending an authentication token in the request, usually the header
- this authentication token needs to be obtained somehow and may be revoked, in which case it needs to be renewed
- the authentication token needs to be validated by the server (otherwise it wouldn&#39;t be authentication)

So how do sessions violate this?

- client-side, sessions are realized using cookies
- cookies are simply an extra HTTP header
- a session cookie can be obtained and revoked at any time
- session cookies can have an infinite life time if need be
- the session id (authentication token) is validated server-side

As such, to the client, a session cookie is exactly the same as any other HTTP header based authentication mechanism, except that it uses the `Cookie` header instead of the `Authorization` or some other proprietary header. If there was no session attached to the cookie value server-side, why would that make a difference? The server side implementation does not need to concern the client as long as the server *behaves* RESTful. As such, cookies by themselves should not make an API *RESTless*, and sessions are simply cookies to the client.

Are my assumptions wrong? What makes session cookies *RESTless*?

Do sessions really violate RESTfulness?

I&#39;m using Node&#39;s Express w/ Connect middleware.  Connect&#39;s memory session store isn&#39;t fit for production:

&gt;     Warning: connection.session() MemoryStore is not designed for a production environment, as it will leak memory, and obviously only work within a single process.

For larger deployments, mongo or redis makes sense.  

But what is a good solution for a single-host app in production? 

What is a good session store for a single-host Node.js production app?

I&#39;m trying to start serving some static web pages using `connect` like this:

    var connect = require(&quot;connect&quot;);
    var nowjs = require(&quot;now&quot;);
    var io = require(&quot;socket.io&quot;);
    
    
    var app = connect.createServer(
      connect.static(__dirname + &#39;/public&#39;)
    );
    
    app.listen(8180);

So I added a simple `index.html` at the `/public` directory on the same directory as the `app.js` file is, but when I try to view the page on my browser I get this response from node:

&gt; Cannot GET /

What I&#39;m doing wrong and how I can correct it?

&quot;Cannot GET /&quot; with Connect on Node.js

I have very recently received a lot of traffic to my site that runs Node.js. With the increasing traffic it has started to crash a lot, which has not happened before. I get the following error in my log:


    { [Error: connect EMFILE] code: &#39;EMFILE&#39;, errno: &#39;EMFILE&#39;, syscall: &#39;connect&#39; }
    Error: connect EMFILE
        at errnoException (net.js:670:11)
        at connect (net.js:548:19)
        at net.js:607:9
        at Array.0 (dns.js:88:18)
        at EventEmitter._tickCallback (node.js:192:40)

Anyone that have an idea why it crash? And ideas how to solve it?

I&#39;m using Express.js and Socket.io. It runs on Ubuntu.

&quot;connect EMFILE&quot; error in Node.js

This seems like it should be a fairly simple question, but I&#39;m having a really hard time figuring out how to approach it.

I&#39;m using Node.js + Express to build a web application, and I find the connect BodyParser that express exposes to be very useful in most cases. However, I would like to have more granular access to multipart form-data POSTS as they come - I need to pipe the input stream to another server, and want to avoid downloading the whole file first.

Because I&#39;m using the Express BodyParser, however, all file uploads are parsed automatically and uploaded and available using &quot;request.files&quot; before they ever get to any of my functions.

Is there a way for me to disable the BodyParser for multipart formdata posts without disabling it for everything else?

How to disable Express BodyParser for file uploads (Node.js)

I am trying to figure out what &quot;signed cookies&quot; actually are.
There isn&#39;t much on the net, and if I try this:

    app.use(express.cookieParser(&#39;A secret&#39;));

But still... Cookies are still 100% normal on the browser, and I don&#39;t really know what &quot;signed&quot; is here (I was sort of hoping to &quot;see&quot; some weirdness on the client, something like the data encrypted using &quot;A secret&quot; as salt?)

The documentation says (https://github.com/expressjs/cookie-parser):

&gt;    Parse _Cookie_ header and populate `req.cookies`
&gt;    with an object keyed by the cookie names. Optionally
&gt;    you may enabled signed cookie support by passing
&gt;    a `secret` string, which assigns `req.secret` so
&gt;    it may be used by other middleware.


Does anybody know?

Merc.

Content Type	Original Author	Original Content on Stackoverflow
Question	Harry	View Question on Stackoverflow
Solution 1 - node.js	Hacknightly	View Answer on Stackoverflow
Solution 2 - node.js	substack	View Answer on Stackoverflow

What is the session's "secret" option?

node.js Problem Overview

node.js Solutions

Solution 1 - node.js

Solution 2 - node.js

Is there a way to quickly capitalize the variable name in Eclipse

javac : command not found

Attributions