This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

Commit

Refactoring the Session Cookie configuration and adding more configurable parameters
lirantal committed Aug 25, 2015
1 parent 51196c5 commit 80b63b5
Showing 2 changed files with 15 additions and 4 deletions.
15 changes: 12 additions & 3 deletions config/env/default.js
Expand Up @@ -9,9 +9,18 @@ module.exports = {
},
port: process.env.PORT || 3000,
templateEngine: 'swig',
// Session details
// session expiration is set by default to 24 hours
sessionExpiration: 24 * (60 * 60 * 1000),
// Session Cookie settings
sessionCookie: {
// session expiration is set by default to 24 hours
maxAge: 24 * (60 * 60 * 1000),
// httpOnly flag makes sure the cookie is only accessed
// through the HTTP protocol and not JS/browser
httpOnly: true,
// secure cookie should be turned to true to provide additional
// layer of security so that the cookie is set only when working
// in HTTPS mode.
secure: false
},
// sessionSecret should be changed for security measures and concerns
sessionSecret: 'MEAN',
// sessionKey is set to the generic sessionId key used by PHP applications
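Review bot: `secure: false` in the new `sessionCookie` block means every environment that inherits this default sends the session cookie over plain HTTP as well, and the comment only says it "should be turned to true" without saying where. Consider setting `secure: true` in the production environment config, or naming that override in the comment, so an HTTPS deployment does not ship with the flag off. Separately, `sessionExpiration` is removed rather than aliased, so an environment file that still overrides `sessionExpiration` would be ignored without any error; a fallback or an upgrade note would cover that. The `httpOnly` comment could also be more precise: the flag keeps the cookie out of reach of client-side script (`document.cookie`), while the browser still stores and sends it.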
4 changes: 3 additions & 1 deletion config/lib/express.js
Expand Up @@ -118,7 +118,9 @@ module.exports.initSession = function (app, db) {
resave: true,
secret: config.sessionSecret,
cookie: {
maxAge: config.sessionExpiration
maxAge: config.sessionCookie.maxAge,
httpOnly: config.sessionCookie.httpOnly,
secure: config.sessionCookie.secure && config.secure.ssl
},
key: config.sessionKey,
store: new MongoStore({
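Review bot: in `secure: config.sessionCookie.secure && config.secure.ssl`, an operator who sets `sessionCookie.secure` to true still gets a cookie without the Secure flag whenever `config.secure.ssl` is falsy, and nothing is logged, which is easy to hit when TLS is terminated in front of the app. Please log a warning (or fail at startup) when the two settings disagree instead of downgrading silently. The expression also dereferences `config.secure` unguarded: with the default `secure: false` the short-circuit hides it, but once the flag is true an environment without a `secure` block will throw here, so a check such as `config.secure && config.secure.ssl` is worth adding. A test asserting the resulting cookie options for both combinations would lock this behaviour in.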

0 comments on commit 80b63b5
