express 4.0 , express-session with odd warning message
Solution 1:
As the warnings say, the default values will change so they want to ensure that by setting the values explicitly now, you won't run into unexpected behavior when the defaults do change (in the near future).
Solution 2:
I found issue useful:
https://github.com/expressjs/session/issues/56
app.use(session({
secret: cookie_secret,
resave: true,
saveUninitialized: true
}));
Solution 3:
I don't have enough rep to add this as comment. I added this for my default value of Ben's answer.
secret: process.env.SESSION_SECRET || '<mysecret>',
Solution 4:
app.use(session({
cookieName: 'session',
secret: 'eg[isfd-8yF9-7w2315df{}+Ijsli;;to8',
duration: 30 * 60 * 1000,
activeDuration: 5 * 60 * 1000,
httpOnly: true,
secure: true,
ephemeral: true,
resave: true,
saveUninitialized: true
}));