You can clone with
HTTPS or Subversion.
The behavior that I am observing with a session that has been logged off (by setting this.session = null) is that a new cookie is created with time=0 (back to 1/1/1970). The problem is then all new subsequent cookies are set with an expired cookie with time=0, breaking the desired functionality. I have commented out the line, and the behavior seems better, but I am not sure of original purpose.
I got that line from the original module. Looking at https://github.com/koajs/session/blob/master/index.js it seems it's unnecessary. Will promptly remove it. Thanks for spotting this.
Fix #1, bump to 1.0.0