Allow Configuration for Session Key

[rdegges]

Hi all!

I'm currently building an authentication library, which ships with pre-built registration and login forms. Because of this, my library uses this csurf module to protect the form inputs.

My library initializes it's own session management stuff (to maintain user state), using the node-client-sessions library from Mozilla (https://github.com/mozilla/node-client-sessions), which allows me to specify a custom request session key.

So for instance, I can use that library to initialize ONE session as req.stormpathSession, and another as req.session.

I like doing this because this way -- my library does its own session stuff under req.stormpathSession, while the user USING my library can create / do their own session stuff as req.session, which is sort of the convention.

Anyhow: back to my original point. What I'd like is for this ilbrary to support custom session keys. This way, I could tell the csurf middleware to write data to req.stormpathSession instead of the default req.session. This would make it possible for my sort of use case to work.

If this is cool with ya'll, and you'll merge it in, I'd be happy to submit a clean patch supporting this behavior along with full tests / etc.

Let me know if this sounds OK!

[dougwilson]

I don't have any objections.

[rdegges]

Awesome, I'll start work on this today =) Appreciate your fast response by the way!