From 5d20988b10bceeff3c452f689189c997bf220e8e Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Tue, 14 Oct 2014 12:14:17 +0300 Subject: [PATCH 1/3] adding support for configurable session cookie parameters for express --- config/env/all.js | 23 +++++++++++++++++++++++ config/express.js | 4 +++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/config/env/all.js b/config/env/all.js index 33ca9948d3..17792288ab 100644 --- a/config/env/all.js +++ b/config/env/all.js @@ -8,8 +8,31 @@ module.exports = { }, port: process.env.PORT || 3000, templateEngine: 'swig', + + // The secret should be set to a non-guessable string that + // is used to compute a session hash sessionSecret: 'MEAN', + + // The name of the MongoDB collection to store sessions in sessionCollection: 'sessions', + + // The session cookie settings + sessionCookie: { + path: '/', + httpOnly: true, + // If secure is set to true then it will cause the cookie to be set + // only when SSL-enabled (HTTPS) is used, and otherwise it won't + // set a cookie. 'true' is recommended yet it requires the above + // mentioned pre-requisite. + secure: false, + // Only set the maxAge to null if the cookie shouldn't be expired + // at all. The cookie will expunge when the browser is closed. + maxAge: null + }, + + // The session cookie name + sessionName: 'connect.sid', + assets: { lib: { css: [ diff --git a/config/express.js b/config/express.js index bea1c88dac..2a577ce943 100755 --- a/config/express.js +++ b/config/express.js @@ -93,7 +93,9 @@ module.exports = function(db) { store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection - }) + }), + cookie: config.sessionCookie, + name: config.sessionName })); // use passport session From 84efda1eb04209fe83e08e7e1b6f25d2ba3aad16 Mon Sep 17 00:00:00 2001 
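Review bot: In the config/env/all.js hunk of patch 1/3, `secure: false` becomes the default in a file whose name suggests it is shared by every environment, so a production deployment would send the session cookie over plain HTTP unless an environment-specific config overrides it (no such override is visible in this series). I would say that in the comment, for example `// Override with secure: true wherever the site is served over HTTPS; behind a TLS-terminating proxy Express must also be told to trust the proxy, otherwise no cookie is set`. The maxAge comment contradicts itself: `maxAge: null` yields a cookie without an expiry, which browsers treat as a session cookie, so `// null = no expiry attribute; the browser discards the cookie when it closes` would be more accurate. The new comment on `sessionSecret` asks for a non-guessable string while the value stays `'MEAN'`; reading it from an environment variable, in the style of the `port` line, would match the advice. The `module.exports` object opens and closes outside the hunk.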
From: Liran Tal Date: Tue, 14 Oct 2014 12:18:06 +0300 Subject: [PATCH 2/3] fixing identations --- config/env/all.js | 30 +++++++++++++++--------------- config/express.js | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/config/env/all.js b/config/env/all.js index 17792288ab..eee7db53bd 100644 --- a/config/env/all.js +++ b/config/env/all.js @@ -10,28 +10,28 @@ module.exports = { templateEngine: 'swig', // The secret should be set to a non-guessable string that - // is used to compute a session hash + // is used to compute a session hash sessionSecret: 'MEAN', // The name of the MongoDB collection to store sessions in sessionCollection: 'sessions', // The session cookie settings - sessionCookie: { - path: '/', - httpOnly: true, - // If secure is set to true then it will cause the cookie to be set - // only when SSL-enabled (HTTPS) is used, and otherwise it won't - // set a cookie. 'true' is recommended yet it requires the above - // mentioned pre-requisite. - secure: false, - // Only set the maxAge to null if the cookie shouldn't be expired - // at all. The cookie will expunge when the browser is closed. - maxAge: null - }, + sessionCookie: { + path: '/', + httpOnly: true, + // If secure is set to true then it will cause the cookie to be set + // only when SSL-enabled (HTTPS) is used, and otherwise it won't + // set a cookie. 'true' is recommended yet it requires the above + // mentioned pre-requisite. + secure: false, + // Only set the maxAge to null if the cookie shouldn't be expired + // at all. The cookie will expunge when the browser is closed. + maxAge: null + }, - // The session cookie name - sessionName: 'connect.sid', + // The session cookie name + sessionName: 'connect.sid', assets: { lib: { diff --git a/config/express.js b/config/express.js index 2a577ce943..30d05b4ae8 100755 --- a/config/express.js +++ b/config/express.js 
@@ -95,7 +95,7 @@ module.exports = function(db) { collection: config.sessionCollection }), cookie: config.sessionCookie, - name: config.sessionName + name: config.sessionName })); // use passport session From 7174625bc1f43295dff81443b1aef162cad079c5 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Mon, 3 Nov 2014 23:20:28 +0200 Subject: [PATCH 3/3] added domain configuration option if required to set the cookie for a specific host --- config/env/all.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/env/all.js b/config/env/all.js index eee7db53bd..ec52a09b61 100644 --- a/config/env/all.js +++ b/config/env/all.js @@ -27,7 +27,10 @@ module.exports = { secure: false, // Only set the maxAge to null if the cookie shouldn't be expired // at all. The cookie will expunge when the browser is closed. - maxAge: null + maxAge: null, + // To set the cookie in a specific domain uncomment the following + // setting: + // domain: 'yourdomain.com' }, // The session cookie name
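Review bot: The comment added in patch 3/3 presents `domain` as a way to pin the cookie to one host, but a cookie with a Domain attribute is also sent to every subdomain of that value, while a cookie without it stays host-only. For a session cookie that widens exposure to any less-trusted subdomain, so leaving it unset is the tighter choice. I would reword the comment along the lines of `// Leave domain unset for a host-only cookie; setting it shares the session cookie with all subdomains of that domain`. The `sessionCookie` object opens outside the hunk.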