parse-community · Copilot · Dec 6, 2025 · Dec 6, 2025 · Dec 6, 2025 · Dec 6, 2025
diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
@@ -83,9 +83,9 @@ module.exports = function(config, options) {
     const useEncryptedPasswords = config.useEncryptedPasswords ? true : false;
     const authInstance = new Authentication(users, useEncryptedPasswords, mountPath);
     authInstance.initialize(app, {
-      cookieSessionSecret: options.cookieSessionSecret,
+      cookieSessionSecret: options.cookieSessionSecret || config.cookieSessionSecret,
       cookieSessionMaxAge: options.cookieSessionMaxAge,
-      cookieSessionStore: options.cookieSessionStore
+      cookieSessionStore: options.cookieSessionStore || config.cookieSessionStore
     });
 
     // CSRF error handler

diff --git a/Parse-Dashboard/server.js b/Parse-Dashboard/server.js
@@ -164,7 +164,7 @@ module.exports = (options) => {
   config.data.trustProxy = trustProxy;
   const dashboardOptions = {
     allowInsecureHTTP,
-    cookieSessionSecret,
+    cookieSessionSecret: cookieSessionSecret || config.data.cookieSessionSecret,
     dev,
     cookieSessionMaxAge,
     cookieSessionStore: config.data.cookieSessionStore

diff --git a/README.md b/README.md
@@ -819,7 +819,7 @@ When deploying Parse Dashboard with multiple replicas behind a load balancer, yo
 
 #### Using a Custom Session Store
 
-Parse Dashboard supports using any session store compatible with [express-session](https://github.com/expressjs/session). The `sessionStore` option must be configured programmatically when initializing the dashboard.
+Parse Dashboard supports using any session store compatible with [express-session](https://github.com/expressjs/session). Both `cookieSessionSecret` and `cookieSessionStore` can be configured either programmatically when initializing the dashboard or via a configuration file (note: `cookieSessionStore` can only be configured programmatically as it requires an object instance).
 
 **Suggested Session Stores:**
 
@@ -851,6 +851,21 @@ const dashboard = new ParseDashboard({
   cookieSessionStore,
   cookieSessionSecret: 'your-secret-key',
 });
+```
+
+**Example using a configuration file:**
+
+When starting the dashboard with a config file, you can specify `cookieSessionSecret` directly in the JSON configuration:
+
+```json
+{
+  "apps": [...],
+  "users": [...],
+  "cookieSessionSecret": "your-secret-key"
+}
+```
+
+Note: `cookieSessionStore` must still be configured programmatically as it requires an object instance, but `cookieSessionSecret` can now be specified in the config file for convenience.
 
 **Important Notes:**
 

diff --git a/package-lock.json b/package-lock.json