Added default maxAge to cookie for security reasons

rorylshanks · Mar 16, 2024 · 4fb128b · 4fb128b
1 parent 2b31451
commit 4fb128b
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/lib/http.js b/lib/http.js
@@ -14,13 +14,10 @@ import errorpages from '../util/errorpage.js'
 
 
 var trusted_ranges = ["loopback"].concat(getConfig().trusted_ranges || [])
+log.info({ message: `Setting trusted proxies to ${trusted_ranges}` })
+app.set('trust proxy', trusted_ranges)
 
-if (trusted_ranges) {
-  log.info({ message: `Setting trusted proxies to ${trusted_ranges}` })
-  app.set('trust proxy', trusted_ranges)
-}
-
-
+var defaultCookieOptions = { maxAge: 3600000 }
 
 // Initialize sesssion storage.
 app.use(
@@ -30,7 +27,10 @@ app.use(
     resave: false,
     saveUninitialized: false,
     secret: getConfig().cookie_secret,
-    cookie: getConfig().cookie_settings || { maxAge: 3600000 }
+    cookie: { 
+      ...defaultCookieOptions,
+      ...getConfig().cookie_settings
+    }
   })
 )