The other cookie properties set in this commit are the defaults.
We want a long cookie age so that sessions are as persistent as possible.
The default maxAge is unset, but apparently instead of that meaning
"never expire" it is interpeted by agents as meaning the cookie is
non-peristent (and the agent may delete the cookie on browser close).
secret: process.env.ZOMBOCOM_SESSION_SECRET,
resave: false,
saveUninitialized: true,
- rolling: true
+ rolling: true,
+ // Let each cookie live for a full month
+ cookie: {
+ path: '/',
+ httpOnly: true,
+ secure: false,
+ maxAge: 1000 * 60 * 60 * 24 * 30
+ }
});
app.use(session_middleware);