Purpose of the keys param?

[alvarotrigo]

After reading the documentation I don't have it very clear what is the keys parameter for in the cookie-session configuration.

I'm not an expert on cookies and the description doesn't help me much on that regard.

keys
The list of keys to use to sign & verify cookie values. Set cookies are always signed with keys[0], while the other keys are valid for verification, allowing for key rotation.

But it seems to be a compulsory field, if I don't add it I get an error:

C:\inetpub\wwwroot\app\node_modules\cookie-session\index.js:55
if (!keys && opts.signed) throw new Error('.keys required.');

So I ended up using keys: ['key1', 'key2'] as in the examples, but I have no idea why.

[dougwilson]

You only have to set it if you have signed: true set (which I is by default). You can just specify signed:false in your options and then not provide keys.

[dougwilson]

P.S. this module needs a lot of documentation work, if you find things are you want to make a PR :)