You can clone with
HTTPS or Subversion.
My first attempt at getting the session cookie store to work was like this:
But for some reason it doesn't work if you pass the secret to the cookieParser as well. Whether this is intended or not, I don't know, but I found it confusing.
After stepping through the code I figured out this combination would work:
it should try cookieParser's secret first for legacy, and then the one passed via options
no longer relevant with https://github.com/expressjs/cookie-session