From ac89ef7fede926546b85971963ea98b0e0e01c1d Mon Sep 17 00:00:00 2001
From: Nicolas Beguier <nicolas.beguier@adevinta.com>
Date: Wed, 13 Nov 2019 13:51:04 +0100
Subject: [PATCH] security example for app.keys

---
 README.md        | 14 +++++++++-----
 benchmark/koa.js |  3 ++-
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 2be90e0..a7d0ff4 100644
--- a/README.md
+++ b/README.md
@@ -60,17 +60,18 @@ yarn add koa-redis
 
 `koa-redis` works with [koa-session](https://github.com/koajs/session) (a basic session middleware for koa).
 
-For more examples, please see the [examples folder of `koa-session`](https://github.com/koajs/session/tree/master/example).
+For more examples, please see the [examples folder of `koa-session`](https://github.com/koajs/session/blob/master/Readme.md#example).
 
 ### Basic
 
 ```js
 const session = require('koa-session');
 const redisStore = require('koa-redis');
+const Keygrip = require('keygrip');
 const koa = require('koa');
 
 const app = koa();
-app.keys = ['keys', 'keykeys'];
+app.keys = new Keygrip(['insert 64 bytes random string', 'insert another 64 bytes random string'], 'sha512', 'base64');
 app.use(session({
   store: redisStore({
     // Options specified here
@@ -117,10 +118,11 @@ app.listen(8080);
 ```js
 const session = require('koa-session');
 const redisStore = require('koa-redis');
+const Keygrip = require('keygrip');
 const koa = require('koa');
 
 const app = koa();
-app.keys = ['keys', 'keykeys'];
+app.keys = new Keygrip(['insert 64 bytes random string', 'insert another 64 bytes random string'], 'sha512', 'base64');
 app.use(session({
   store: redisStore({
     // Options specified here
@@ -142,10 +144,11 @@ app.use(session({
 ```js
 const session = require('koa-session');
 const redisStore = require('koa-redis');
+const Keygrip = require('keygrip');
 const koa = require('koa');
 
 const app = koa();
-app.keys = ['keys', 'keykeys'];
+app.keys = new Keygrip(['insert 64 bytes random string', 'insert another 64 bytes random string'], 'sha512', 'base64');
 app.use(session({
   store: redisStore({
     // Options specified here
@@ -206,9 +209,10 @@ const session = require('koa-session');
 const redisStore = require('koa-redis')({
   // Options specified here
 });
+const Keygrip = require('keygrip');
 const app = require('koa')();
 
-app.keys = ['keys', 'keykeys'];
+app.keys = new Keygrip(['insert 64 bytes random string', 'insert another 64 bytes random string'], 'sha512');
 app.use(session({
   store: redisStore
 }, app));
diff --git a/benchmark/koa.js b/benchmark/koa.js
index 32d6ac0..38ffd6b 100644
--- a/benchmark/koa.js
+++ b/benchmark/koa.js
@@ -1,10 +1,11 @@
+const Keygrip = require('keygrip');
 const Koa = require('koa');
 const session = require('koa-session');
 const redisStore = require('../src');
 
 const app = new Koa();
 
-app.keys = ['keys', 'keykeys'];
+app.keys = new Keygrip(['aibiizae0oetheiz9naepeiz6Ogheepowaehia4kengahz2oic4xep0be2fu0dah', 'Aew0heishieSeivekoosharooPei8aeg4phacheegh3ieLai9xahPhaet5Ezoo7p'], 'sha512');
 if (process.argv[2] !== 'nosession') {
   app.use(
     session(