Set secret on cookieParser (migrate to express v3)

src/node/hooks/express/webaccess.js

@@ -95,8 +95,6 @@ exports.expressConfigure = function (hook_name, args, cb) {
   // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
   if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
     args.app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'}));
-  
-  args.app.use(express.cookieParser());
 
   /* Do not let express create the session, so that we can retain a
    * reference to it for socket.io to use. Also, set the key (cookie
@@ -107,11 +105,12 @@ exports.expressConfigure = function (hook_name, args, cb) {
     exports.sessionStore = new express.session.MemoryStore();
     secret = randomString(32);
   }
+  
+  args.app.use(express.cookieParser(secret));
 
   args.app.sessionStore = exports.sessionStore;
   args.app.use(express.session({store: args.app.sessionStore,
-                                key: 'express_sid',
-                                secret: secret}));
+                                key: 'express_sid' }));
 
   args.app.use(exports.basicAuth);
 }