use comma-separated secrets

exercises/02.cookie-sessions/01.problem.session/README.mdx

@@ -26,9 +26,10 @@ to initialize this session storage object.
 - `httpOnly`: `true` - The cookie is not accessible via JavaScript. This is
   important for security because it prevents cross-site scripting attacks from
   accessing the cookie.
-- `secrets`: `[process.env.SESSION_SECRET]` - This is an array of secrets that
-  will be used to sign the cookie. This is important for security because it
-  prevents the cookie from being tampered with.
+- `secrets`: `process.env.SESSION_SECRET.split(',')` - This is an array of
+  secrets that will be used to sign the cookie. This is important for security
+  because it prevents the cookie from being tampered with. It's an array so you
+  can rotate their values over time.
 - `secure`: `process.env.NODE_ENV === 'production'` - The cookie is only sent
   over HTTPS. This is important for security because it prevents the cookie from
   being sent over an insecure connection. We only want to do this in production

exercises/02.cookie-sessions/01.solution.session/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/02.cookie-sessions/02.problem.login/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/02.cookie-sessions/02.solution.login/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/02.cookie-sessions/03.problem.root/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/02.cookie-sessions/03.solution.root/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/03.password/01.problem.schema/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/03.password/01.solution.schema/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/03.password/02.problem.seed/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/03.password/02.solution.seed/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/03.password/03.problem.signup/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/03.password/03.solution.signup/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/04.login/01.problem.login/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/04.login/01.solution.login/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/04.login/02.problem.ui-utils/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/04.login/02.solution.ui-utils/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/01.problem.logout/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/01.solution.logout/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/02.problem.expiration/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/02.solution.expiration/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/03.problem.deleted/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/03.solution.deleted/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/04.problem.auto-logout/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/05.logout/04.solution.auto-logout/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/06.protecting-routes/01.problem.anonymous/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/06.protecting-routes/01.solution.anonymous/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/06.protecting-routes/02.problem.authenticated/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/06.protecting-routes/02.solution.authenticated/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/06.protecting-routes/03.problem.redirect/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/06.protecting-routes/03.solution.redirect/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/01.problem.schema/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/01.solution.schema/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/02.problem.seed/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/02.solution.seed/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/03.problem.delete-note/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/03.solution.delete-note/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/04.problem.utils/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/07.permissions/04.solution.utils/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/08.managed-sessions/01.problem.schema/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/08.managed-sessions/01.solution.schema/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/08.managed-sessions/02.problem.auth-utils/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/08.managed-sessions/02.solution.auth-utils/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })

exercises/08.managed-sessions/03.problem.session-cookie/app/utils/session.server.ts

@@ -6,7 +6,7 @@ const sessionStorage = createCookieSessionStorage({
 		sameSite: 'lax',
 		path: '/',
 		httpOnly: true,
-		secrets: [process.env.SESSION_SECRET],
+		secrets: process.env.SESSION_SECRET.split(','),
 		secure: process.env.NODE_ENV === 'production',
 	},
 })