Merge pull request #798 from lirantal/feature/security-enhancements-s…

…ession Express sessionKey configuration option
meanjs · Aug 14, 2015 · 7200426 · 7200426
2 parents d41490c + 360c3a4
commit 7200426
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/config/env/default.js b/config/env/default.js
@@ -9,7 +9,12 @@ module.exports = {
   },
   port: process.env.PORT || 3000,
   templateEngine: 'swig',
+  // Session details
+  // sessionSecret should be changed for security measures and concerns
   sessionSecret: 'MEAN',
+  // sessionKey is set to the generic sessionId key used by PHP applications
+  // for obsecurity reasons
+  sessionKey: 'sessionId',
   sessionCollection: 'sessions',
   logo: 'modules/core/img/brand/logo.png',
   favicon: 'modules/core/img/brand/favicon.ico'

diff --git a/config/lib/express.js b/config/lib/express.js
@@ -115,6 +115,7 @@ module.exports.initSession = function (app, db) {
     saveUninitialized: true,
     resave: true,
     secret: config.sessionSecret,
+    key: config.sessionKey,
     store: new MongoStore({
       mongooseConnection: db.connection,
       collection: config.sessionCollection