# v4.0.x to v4.0.6 migration guide

The Strapi v4.0.x to v4.0.6 migration guide upgrades all prior versions of v4.0.x to v4.0.6. The migration adds the session middleware to the middleware array and configures the session middleware. The upgrade is required for the Users & Permissions providers to function properly, secure cookies, and encrypt data. The migration guide consists of 3 sections:

  • upgrading the application dependencies
  • migrating the breaking changes to the middleware
  • reinitializing the application

✋ CAUTION

Plugins extension that create custom code or modify existing code, will need to be updated and compared to the changes in the repository. Not updating the plugin extensions could break the application.

# Upgrading the application dependencies

PREREQUISITES

Stop the server before starting the upgrade.

  1. Upgrade all of the Strapi packages in the package.json to 4.0.6:
// path: package.json

{
  // ...
  "dependencies": {
    "@strapi/strapi": "4.0.6",
    "@strapi/plugin-users-permissions": "4.0.6",
    "@strapi/plugin-i18n": "4.0.6",
    "sqlite3": "5.0.2"
    // ...
  }
}

  1. Save the edited package.json file.

  2. Run either yarn or npm install to install the new version.

💡 TIP

If the operation doesn't work, try removing your yarn.lock or package-lock.json. If that doesn't help, remove the node_modules folder as well and try again.

# Fixing the breaking changes

  1. Add the strapi::session middleware to the array in the middleware configuration file ./config/middlewares.js:
// path: ./config/middlewares.js

module.exports = [
  'strapi::errors',
  'strapi::security',
  'strapi::cors',
  'strapi::poweredBy',
  'strapi::logger',
  'strapi::query',
  'strapi::body',
  'strapi::session',
  'strapi::favicon',
  'strapi::public',
];
  1. Configure the session middleware by adding the key settings to the server.js config file (see koa-session (opens new window) for more information).
// path: ./config/server.js

  // ...
  app: {
    keys: env.array("APP_KEYS", ["testKey1", "testKey2"]),
  },
// ...
Example of the updated file 
// path: ./config/server.js

  // ...
  app: {
    keys: env.array("APP_KEYS", ["testKey1", "testKey2"]),
  },
// ...
Example of the updated file 
// path: ./config/server.js

module.exports = ({ env }) => ({
  host: env('HOST', '0.0.0.0'),
  port: env.int('PORT', 1337),
  app: {
    keys: env.array("APP_KEYS", ["testKey1", "testKey2"]),
  },
  // ...
});

:::

️❗️ WARNING

It is a security risk to expose static session middleware keys in a deployed environment. An .env file or environment variables should be used instead.

Example: sessions keys in .env file 
APP_KEYS=[someSecret, anotherSecret, additionalSecrets]

or 

APP_KEYS=someSecret,anotherSecret,additionalSecrets

# Reinitializing the application

Rebuild the administration panel and start the application: