Extend maxAge of cookies to be a full week

The other cookie properties set in this commit are the defaults.

We want a long cookie age so that sessions are as persistent as possible.

The default maxAge is unset, but apparently instead of that meaning
"never expire" it is interpeted by agents as meaning the cookie is
non-peristent (and the agent may delete the cookie on browser close).

diff --git a/index.js b/index.js
index 7083b13dc1eb790b1c26400ca67de44596a09fd7..b149d09b58733ac1ab0b9da9fae802b2ff304446 100644 (file)
--- a/index.js
+++ b/index.js
@@ -75,7 +75,14 @@ const session_middleware =  session(
      secret: process.env.ZOMBOCOM_SESSION_SECRET,
      resave: false,
      saveUninitialized: true,
-     rolling: true
+     rolling: true,
+     // Let each cookie live for a full month
+     cookie: {
+         path: '/',
+         httpOnly: true,
+         secure: false,
+         maxAge: 1000 * 60 * 60 * 24 * 30
+     }
     });
 
 app.use(session_middleware);