Express中間件--express-session

npm install --save express-session

var session = require('express-session')

設置session-cookie

const Options = {
    secret: 'keyboard cat',          // 必須,This is the secret used to sign the session ID cookie
    genid: function(req) {
        return genuuid();            // use UUIDs for session IDs, 默認使用 uid-safe library 來生成 IDs.
    },
    name: 'session_id',              // 設置 session ID cookie 名字， 默認 'connect.sid'
    proxy: undefined,                // Trust the reverse proxy when setting secure cookies (via the "X-Forwarded-Proto" header).
    resave: false,
    rolling: '',
    saveUninitialized: true,
    store: '',                       // The session store instance, defaults to a new MemoryStore instance
    unset: '',                       // Control the result of unsetting req.session

    cookie: {
        domain: 'localhost:3000',
        expires: null,              // 過時時間，通常只設maxAge，不直接設置expires
        httpOnly: true,             // HttpOnly = true 的 cookie 不能被 js 獲取
        maxAge: 60 * 60 * 1000,
        path: '/',                  // 默認域的根路徑
        sameSite: false,            // 是否禁用第三方 cookie 的設置，true , false , strict, lax 四種模式
        secure: false               // 設置了 secure = true 只能由 https 發送
    }
    // cookie default value is { path: '/', httpOnly: true, secure: false, maxAge: null }

};

空出沒填參數的表示不清楚

app.use(cookieParser(Options.secret));
!注意前後關係
app.use(session(Options))