.env · security🔥 popular
Session Secret Generator — SESSION_SECRET, Flask SECRET_KEY, CSRF
Generate a cryptographically strong session secret for Express, Flask, CSRF tokens, and cookie signing. All in-browser — nothing is sent to any server.
Be the first to rate
generated locally · crypto.getRandomValues · nothing sent anywhere
Express / connect-session Secret
Base64url, 32 bytes — used to sign the session ID cookie
Secret value
.env line
SESSION_SECRET=Flask SECRET_KEY
Hex, 32 bytes — matches Python's secrets.token_hex(32)
Secret value
.env line
SECRET_KEY=CSRF Secret
Base64url, 32 bytes — for CSRF token signing (csurf, Django, Rails)
Secret value
.env line
CSRF_SECRET=Cookie Signing Secret
Base64url, 32 bytes — signs cookie-parser / cookie-session cookies
Secret value
.env line
COOKIE_SECRET=Session Secret (high entropy)
Base64url, 48 bytes — extra margin for long-lived sessions
Secret value
.env line
SESSION_SECRET=Full tool page:/session-secret-generator