A while ago I got systematic about organizing the files on my computer. It started with a ~/github directory that mirrors the structure of GitHub itself. If I’ve cloned visionmedia’s commander.js, I know I can find it in ~/github/visionmedia/commander.js. This has helped make things easy to remember. Since then I’ve added an archive directory, a src directory (which contains most of my code), and a projects directory (which contains the code I’m currently working on. A few days ago I added an apps directory.

What does my ~/apps directory contain? It contains credentials and configuration for web apps, which I don’t want to store in my code repositories. For the fluxnote project I’m developing, it contains a script to set my environment variables to mirror what I require on Heroku:

export GITHUB_CLIENT_ID=7f2264d71eb1dfbc2611
export GITHUB_CLIENT_SECRET=copied_and_pasted_from_github
export SESSION_SECRET=a_long_hard_to_guess_session_secret
export GITHUB_USERNAME=benatkin
export COUCH_URL=https://therystillonleamoldescle:hahahahaha@bat.cloudant.com/fluxnote/

(Side note: Cloudant has clever auto-generated usernames. The username and GitHub Client ID are real; the secrets and password are not.)

If I run source ~/apps/fluxnote/config, the environment variables from the above script are loaded into my shell. Then I can run npm start to start my server. (After I add my Procfile I’ll also be able to run it with foreman start.)

I like it, because I have my credentials in one place, that I know not to give to anybody (and that would be hard to steal because I use full drive encryption).

Connect has a session middleware that has a pluggable API for session storage. There is a session store for redis, written by TJ Holowaychuk, who maintains both connect and express. There are also session stores for CouchDB, MongoDB, and postgresql that look to be well-maintained and ready for production use.

These are great, but I wanted to store my session data in cookies, because the amount of session data I plan to use is tiny, and because my app is designed to handle high-latency CouchDB database connections gracefully.

I had a hard time finding a session store that stores session data in the cookies. The session middleware uses cookies, but it uses them to store the keys to access the session data, not the session data itself. I found an example but no actively maintained session store for cookies.

After some more searching, I found that the way to store sessions in cookies is to use a whole different middleware that comes with connect! It’s called cookieSession. To use it all I have to do is add this code snippet, and ensure that I have session_secret set in my app settings:


When using cookie sessions it’s important that the cookie data is small and that the cookie is signed using a session secret, to prevent session fixation. This is documented in the excellent Ruby On Rails Security Guide. Even if you aren’t using RoR I recommend reading it.

I’m a believer in the concept of necessary steps.

I can’t waste less time online unless I show some restraint.

I can’t have more privacy online if I don’t self-filter.

Tools can help. Things that break up the habit can help. But in order for them to work, I have to make a good, old-fashioned change.

If I’m not ready to, I should ask why. Perhaps there’s something online that’s really important to me, and I don’t want to restrain myself. Or maybe I need to fix an issue I have that’s keeping me from wanting to do something more productive.