authorMoritz Friedrich <moritz@matchory.com>2023-01-05 20:34:45 +0100
committerMoritz Friedrich <moritz@matchory.com>2023-01-05 20:34:45 +0100
commitad1f06e6723b2b71454a9bed18adcba65abba48c (patch)
tree47458902d6146894ed6172a4f0dd67b0bfa2e966 /example/index.ts
parentcc7b29d4478975ce22bbdbcfbb64eedea67afdf3 (diff)
Adds httpOnly flag
Diffstat (limited to 'example/index.ts')
-rw-r--r--example/index.ts23
1 files changed, 14 insertions, 9 deletions
diff --git a/example/index.ts b/example/index.ts
index e990e8a..9e2d9ef 100644
--- a/example/index.ts
+++ b/example/index.ts
@@ -54,15 +54,20 @@ const {
app.use(express.static('./public/'));
app.use(express.json());
-app.use( session( {
- secret: 'secret123',
- saveUninitialized: true,
- resave: false,
- cookie: { maxAge: 86400000 },
- store: new MemoryStore( {
- checkPeriod: 86_400_000 // prune expired entries every 24h
- } ),
-} ) );
+app.use(
+ session({
+ secret: 'secret123',
+ saveUninitialized: true,
+ resave: false,
+ cookie: {
+ maxAge: 86400000,
+ httpOnly: true, // Ensure to not expose session cookies to clientside scripts
+ },
+ store: new MemoryStore({
+ checkPeriod: 86_400_000, // prune expired entries every 24h
+ }),
+ }),
+);
/**
* If the words "metadata statements" mean anything to you, you'll want to enable this route. It
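Review bot: The new `session({ ... })` call still signs cookies with the literal `secret: 'secret123'`, so anyone who copies this example ships a publicly known signing key. Read it from configuration instead, e.g. `secret: process.env.SESSION_SECRET` (the variable name is only a suggestion), and refuse to start when it is unset. Assuming `session` is express-session, `httpOnly: true` is already its default, so the cookie block gains no protection while still omitting `secure` and `sameSite`; adding `secure: true, sameSite: 'lax',` next to `httpOnly` would keep the cookie off plain HTTP and out of most cross-site requests. `secure: true` only works over HTTPS (and needs `app.set('trust proxy', 1)` behind a TLS-terminating proxy), so a local example may want it conditional on the environment.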