.env · security🔥 popular

Session Secret Generator — SESSION_SECRET, Flask SECRET_KEY, CSRF

Generate a cryptographically strong session secret for Express, Flask, CSRF tokens, and cookie signing. All in-browser — nothing is sent to any server.

Be the first to rate
generated locally · crypto.getRandomValues · nothing sent anywhere
Express / connect-session Secret
Base64url, 32 bytes — used to sign the session ID cookie
Secret value
.env line
SESSION_SECRET=
Flask SECRET_KEY
Hex, 32 bytes — matches Python's secrets.token_hex(32)
Secret value
.env line
SECRET_KEY=
CSRF Secret
Base64url, 32 bytes — for CSRF token signing (csurf, Django, Rails)
Secret value
.env line
CSRF_SECRET=
Cookie Signing Secret
Base64url, 32 bytes — signs cookie-parser / cookie-session cookies
Secret value
.env line
COOKIE_SECRET=
Session Secret (high entropy)
Base64url, 48 bytes — extra margin for long-lived sessions
Secret value
.env line
SESSION_SECRET=