express 4.0 , express-session with odd warning message
node.jsExpressnode.js Problem Overview
I am trying to work through setting up a nodejs app using express 4.x. After stumbling through the middleware-removal issues, I finally got it working.
however, there was a couple of warning messages in the following line of code :
app.use(session({secret: '<mysecret>'})
these warnings were :
Sun, 29 Jun 2014 12:45:10 GMT express-session deprecated pass resave option; default value will change at lib\config\express.js:55:11
Sun, 29 Jun 2014 12:45:10 GMT express-session deprecated pass saveUninitialized option; default value will change at lib\config\express.js:55:11
in the documentation, the default values for resave and saveUninitialized are true.
so, changing the code to read
app.use(session({secret: '<mysecret>',
saveUninitialized: true,
resave: true}));
got rid of the warnings.
So, to get to the point of the question:
why should I have to pass these values in if they are the default values, and why don't I have to pass in the other options ?
node.js Solutions
Solution 1 - node.js
As the warnings say, the default values will change so they want to ensure that by setting the values explicitly now, you won't run into unexpected behavior when the defaults do change (in the near future).
Solution 2 - node.js
I found issue useful:
https://github.com/expressjs/session/issues/56
app.use(session({
secret: cookie_secret,
resave: true,
saveUninitialized: true
}));
Solution 3 - node.js
I don't have enough rep to add this as comment. I added this for my default value of Ben's answer.
secret: process.env.SESSION_SECRET || '<mysecret>',
Solution 4 - node.js
app.use(session({
cookieName: 'session',
secret: 'eg[isfd-8yF9-7w2315df{}+Ijsli;;to8',
duration: 30 * 60 * 1000,
activeDuration: 5 * 60 * 1000,
httpOnly: true,
secure: true,
ephemeral: true,
resave: true,
saveUninitialized: true
}));