From 794c3d1afe9616fdd611fc8cc8f1c0131998a6a2 Mon Sep 17 00:00:00 2001
From: Marcel Klehr <mklehr@gmx.net>
Date: Sat, 22 Sep 2012 14:05:41 +0200
Subject: [PATCH] Set secret on cookieParser (migrate to express v3)

---
 src/node/hooks/express/webaccess.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 99971206e..28cb649e4 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -95,8 +95,6 @@ exports.expressConfigure = function (hook_name, args, cb) {
   // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
   if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
     args.app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'}));
-  
-  args.app.use(express.cookieParser());
 
   /* Do not let express create the session, so that we can retain a
    * reference to it for socket.io to use. Also, set the key (cookie
@@ -107,11 +105,12 @@ exports.expressConfigure = function (hook_name, args, cb) {
     exports.sessionStore = new express.session.MemoryStore();
     secret = randomString(32);
   }
+  
+  args.app.use(express.cookieParser(secret));
 
   args.app.sessionStore = exports.sessionStore;
   args.app.use(express.session({store: args.app.sessionStore,
-                                key: 'express_sid',
-                                secret: secret}));
+                                key: 'express_sid' }));
 
   args.app.use(exports.basicAuth);
 }