From 360c3a4d3b66d3ee4a63043f4b3a08c04855d38a Mon Sep 17 00:00:00 2001
From: Liran Tal
Date: Thu, 13 Aug 2015 21:42:44 +0300
Subject: [PATCH] Adding support for sessionKey configuration parameter to allow to easily change the session key that is used to hold the session value. The default is a generic sessionId key to introduce security through obscurity.
---
 config/env/default.js | 5 +++++
 config/lib/express.js | 1 +
 2 files changed, 6 insertions(+)
diff --git a/config/env/default.js b/config/env/default.js
index bc3e6e6010..105aa154b6 100644
--- a/config/env/default.js
+++ b/config/env/default.js
@@ -9,7 +9,12 @@ module.exports = {
 },
 port: process.env.PORT || 3000,
 templateEngine: 'swig',
+ // Session details
+ // sessionSecret should be changed for security measures and concerns
 sessionSecret: 'MEAN',
+ // sessionKey is set to the generic sessionId key used by PHP applications
+ // for obsecurity reasons
+ sessionKey: 'sessionId',
 sessionCollection: 'sessions',
 logo: 'modules/core/img/brand/logo.png',
 favicon: 'modules/core/img/brand/favicon.ico'
diff --git a/config/lib/express.js b/config/lib/express.js
index edd3e74459..80baa4b4dd 100644
--- a/config/lib/express.js
+++ b/config/lib/express.js
@@ -115,6 +115,7 @@ module.exports.initSession = function (app, db) {
 saveUninitialized: true,
 resave: true,
 secret: config.sessionSecret,
+ key: config.sessionKey,
 store: new MongoStore({
 mongooseConnection: db.connection,
 collection: config.sessionCollection
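Review bot: In config/env/default.js the new comment above `sessionKey` misspells "obscurity" and presents the cookie rename as a security measure, when the name only hides which framework issued the cookie and does nothing to protect the session itself. I would reword it to `// sessionKey renames the session cookie so its name does not reveal the stack; it is not a security control`. The hunk also leaves `sessionSecret: 'MEAN'` as a literal published in the repository, with only a comment asking for it to be changed. Following the `process.env.PORT || 3000` pattern two lines above, `sessionSecret: process.env.SESSION_SECRET || 'MEAN',` would let a deployment supply its own secret without editing the file. The `module.exports` object starts before the hunk.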
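Review bot: In config/lib/express.js the added `key: config.sessionKey` uses what is, assuming this options object is passed to express-session, the legacy alias for the cookie name; the documented option is `name`, so I would write `name: config.sessionKey,`. If the loaded config ever lacks `sessionKey`, the value is undefined and the middleware presumably falls back to its default cookie name without any warning, which deserves a one-line comment at this spot. No `cookie` options such as `httpOnly` or `secure` are visible in the hunk; the object continues past it, so they may be set below, but they protect the session far more than the cookie's name does. The body of `initSession` starts and ends outside the hunk.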