From 6c0817a2eb64de716d7023c3c62f56c5a3cf417b Mon Sep 17 00:00:00 2001
From: Claas <claas@claas.dev>
Date: Wed, 25 Dec 2024 12:49:14 +0100
Subject: [PATCH] Make it clear what secret is used

by other middleware when multiple secrets are provided
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b8ecd7b..f53f565 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,8 @@ Create a new cookie parser middleware function using the given `secret` and
 - `secret` a string or array used for signing cookies. This is optional and if
   not specified, will not parse signed cookies. If a string is provided, this
   is used as the secret. If an array is provided, an attempt will be made to
-  unsign the cookie with each secret in order.
+  unsign the cookie with each secret in order. Only the first secret in the array
+  will be assigned to `req.secret` for other middleware to use.
 - `options` an object that is passed to `cookie.parse` as the second option. See
   [cookie](https://www.npmjs.org/package/cookie) for more information.
   - `decode` a function to decode the value of the cookie