Refactoring the Session Cookie configuration and adding more configurale parameters

This commit is contained in:
Liran Tal
2015-08-23 23:59:22 +03:00
parent 51196c54b3
commit 80b63b5cd2
2 changed files with 15 additions and 4 deletions

15
config/env/default.js vendored
View File

@@ -9,9 +9,18 @@ module.exports = {
},
port: process.env.PORT || 3000,
templateEngine: 'swig',
// Session details
// session expiration is set by default to 24 hours
sessionExpiration: 24 * (60 * 60 * 1000),
// Session Cookie settings
sessionCookie: {
// session expiration is set by default to 24 hours
maxAge: 24 * (60 * 60 * 1000),
// httpOnly flag makes sure the cookie is only accessed
// through the HTTP protocol and not JS/browser
httpOnly: true,
// secure cookie should be turned to true to provide additional
// layer of security so that the cookie is set only when working
// in HTTPS mode.
secure: false
},
// sessionSecret should be changed for security measures and concerns
sessionSecret: 'MEAN',
// sessionKey is set to the generic sessionId key used by PHP applications

View File

@@ -118,7 +118,9 @@ module.exports.initSession = function (app, db) {
resave: true,
secret: config.sessionSecret,
cookie: {
maxAge: config.sessionExpiration
maxAge: config.sessionCookie.maxAge,
httpOnly: config.sessionCookie.httpOnly,
secure: config.sessionCookie.secure && config.secure.ssl
},
key: config.sessionKey,
store: new MongoStore({