express 4.0 , express-session with odd warning message

Question

I am trying to work through setting up a nodejs app using express 4.x. After stumbling through the middleware-removal issues, I finally got it working.

however, ther

Answer 1

I don't have enough rep to add this as comment. I added this for my default value of Ben's answer.

secret: process.env.SESSION_SECRET || '<mysecret>',

Answer 2

I found issue useful:

https://github.com/expressjs/session/issues/56

app.use(session({
    secret: cookie_secret,
    resave: true,
    saveUninitialized: true
}));

Answer 3

As the warnings say, the default values will change so they want to ensure that by setting the values explicitly now, you won't run into unexpected behavior when the defaults do change (in the near future).

Answer 4

app.use(session({
  cookieName: 'session',
  secret: 'eg[isfd-8yF9-7w2315df{}+Ijsli;;to8',
  duration: 30 * 60 * 1000,
  activeDuration: 5 * 60 * 1000,
  httpOnly: true,
  secure: true,
  ephemeral: true,
  resave: true,
  saveUninitialized: true
}));