express 4.0 , express-session with odd warning message

As the warnings say, the default values will change so they want to ensure that by setting the values explicitly now, you won't run into unexpected behavior when the defaults do change (in the near future).


I don't have enough rep to add this as comment. I added this for my default value of Ben's answer.

secret: process.env.SESSION_SECRET || '<mysecret>',

app.use(session({
  cookieName: 'session',
  secret: 'eg[isfd-8yF9-7w2315df{}+Ijsli;;to8',
  duration: 30 * 60 * 1000,
  activeDuration: 5 * 60 * 1000,
  httpOnly: true,
  secure: true,
  ephemeral: true,
  resave: true,
  saveUninitialized: true
}));

I found issue useful:

https://github.com/expressjs/session/issues/56

app.use(session({
    secret: cookie_secret,
    resave: true,
    saveUninitialized: true
}));