A user may not want to use the same secret to encrypt/decrypt the session-id. But if he/she changes the secret, it'll invalidate all the previously encrypted session-ids. So we want to introduce an option "transition"
{
transition: {
duration: 3600, //in seconds
secret: "some complex secret"
}
}When this property is present, all the previous sessions will be renewed using the new secret And all the new sessions will be created using the new secret. Next time when the user wants to update the key, he needs to copy new key to the old key and very new key to transition.secret.
A user may not want to use the same secret to encrypt/decrypt the session-id. But if he/she changes the secret, it'll invalidate all the previously encrypted session-ids. So we want to introduce an option "transition"
When this property is present, all the previous sessions will be renewed using the new secret And all the new sessions will be created using the new secret. Next time when the user wants to update the key, he needs to copy new key to the old key and very new key to transition.secret.