adding support for configurable session cookie parameters for express

meanjs · Oct 14, 2014 · 5d20988 · 5d20988
1 parent f67b7d9
commit 5d20988
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/config/env/all.js b/config/env/all.js
@@ -8,8 +8,31 @@ module.exports = {
 	},
 	port: process.env.PORT || 3000,
 	templateEngine: 'swig',
+
+	// The secret should be set to a non-guessable string that
+    // is used to compute a session hash
 	sessionSecret: 'MEAN',
+
+	// The name of the MongoDB collection to store sessions in
 	sessionCollection: 'sessions',
+
+	// The session cookie settings
+    sessionCookie: { 
+    	path: '/',
+    	httpOnly: true,
+    	// If secure is set to true then it will cause the cookie to be set
+    	// only when SSL-enabled (HTTPS) is used, and otherwise it won't
+    	// set a cookie. 'true' is recommended yet it requires the above
+    	// mentioned pre-requisite.
+    	secure: false,
+    	// Only set the maxAge to null if the cookie shouldn't be expired
+    	// at all. The cookie will expunge when the browser is closed.
+    	maxAge: null
+    },
+
+    // The session cookie name
+    sessionName: 'connect.sid',
+
 	assets: {
 		lib: {
 			css: [

diff --git a/config/express.js b/config/express.js
@@ -93,7 +93,9 @@ module.exports = function(db) {
 		store: new mongoStore({
 			db: db.connection.db,
 			collection: config.sessionCollection
-		})
+		}),
+		cookie: config.sessionCookie,
+        name: config.sessionName
 	}));
 
 	// use passport session