mirror of
https://github.com/taobataoma/meanTorrent.git
synced 2026-07-05 07:49:03 +02:00
Refactoring the Session Cookie configuration and adding more configurable parameters
15
config/env/default.js
vendored
15
config/env/default.js
vendored
@@ -9,9 +9,18 @@ module.exports = {
|
||||
},
|
||||
port: process.env.PORT || 3000,
|
||||
templateEngine: 'swig',
|
||||
// Session details
|
||||
// session expiration is set by default to 24 hours
|
||||
sessionExpiration: 24 * (60 * 60 * 1000),
|
||||
// Session Cookie settings
|
||||
sessionCookie: {
|
||||
// session expiration is set by default to 24 hours
|
||||
maxAge: 24 * (60 * 60 * 1000),
|
||||
// httpOnly flag makes sure the cookie is only accessed
|
||||
// through the HTTP protocol and not JS/browser
|
||||
httpOnly: true,
|
||||
// secure cookie should be turned to true to provide additional
|
||||
// layer of security so that the cookie is set only when working
|
||||
// in HTTPS mode.
|
||||
secure: false
|
||||
},
|
||||
// sessionSecret should be changed for security measures and concerns
|
||||
sessionSecret: 'MEAN',
|
||||
// sessionKey is set to the generic sessionId key used by PHP applications
|
||||
|
||||
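Review bot: The new `sessionCookie` block defaults to `secure: false`, so unless an environment override (not visible here) sets it to true, the session cookie is also sent over plain HTTP; the comment above it should name where production is expected to enable it. The `httpOnly` comment is imprecise, since the flag only hides the cookie from client-side script while the browser still stores and sends it; suggest `// httpOnly hides the cookie from client-side JavaScript (document.cookie), limiting session theft via XSS`. The block sets no `sameSite` attribute; if the express-session version in use supports `cookie.sameSite`, adding it here would keep the cookie hardening options in one place. The enclosing `module.exports` object starts and ends outside the hunk.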
@@ -118,7 +118,9 @@ module.exports.initSession = function (app, db) {
|
||||
resave: true,
|
||||
secret: config.sessionSecret,
|
||||
cookie: {
|
||||
maxAge: config.sessionExpiration
|
||||
maxAge: config.sessionCookie.maxAge,
|
||||
httpOnly: config.sessionCookie.httpOnly,
|
||||
secure: config.sessionCookie.secure && config.secure.ssl
|
||||
},
|
||||
key: config.sessionKey,
|
||||
store: new MongoStore({
|
||||
|
||||
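Review bot: `secure: config.sessionCookie.secure && config.secure.ssl` dereferences `config.secure` whenever `sessionCookie.secure` is true, so an environment that enables the flag without defining a `secure` section would throw inside `initSession`; whether every env config defines that section is not visible here. Tying the flag to `config.secure.ssl` also means a deployment that terminates TLS at a reverse proxy would presumably get a cookie without the Secure attribute even though the operator set `sessionCookie.secure: true`, with nothing reporting the downgrade. Consider `secure: Boolean(config.sessionCookie.secure && config.secure && config.secure.ssl)` and a logged warning when the configured value is overridden. Since `config.sessionExpiration` is no longer read here, any environment file that still sets it would be silently ignored, which is worth a line in the commit description. `initSession` continues outside the hunk.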