Session name and secure cookies (#83)

* Added session name and security * Removed unsued import
ScottLogic · Aug 8, 2023 · a09c06c · a09c06c
1 parent d49e02f
commit a09c06c
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/backend/src/app.js b/backend/src/app.js
@@ -15,14 +15,20 @@ const port = process.env.PORT || 3001;
 const app = express();
 // for parsing application/json
 app.use(express.json());
+
 // use session
-app.use(
-  session({
-    secret: process.env.SESSION_SECRET,
-    resave: false,
-    saveUninitialized: true,
-  })
-);
+const sess = {
+  secret: process.env.SESSION_SECRET,
+  name: "prompt-injection.sid",
+  resave: false,
+  saveUninitialized: true,
+  cookie: {},
+};
+// serve secure cookies in production
+if (app.get("env") === "production") {
+  sess.cookie.secure = true;
+}
+app.use(session(sess));
 
 // main model for chat 
 initOpenAi();
@@ -58,4 +64,4 @@ app.use(function (req, res, next) {
 app.use("/", router);
 app.listen(port, () => {
   console.log("Server is running on port: " + port);
-});
+});