* @todo [critical] configure express-session (session store and other options)
* @todo choose a session secret and where to store it
* https://www.npmjs.com/package/express-session
* Sur l'utilité des flags dans les cookies : https://www.information-security.fr/securite-sites-web-lutilite-flags-secure-httponly/
*/
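// Load the session identified by the cookie (if one exists) into req.session.
// req.session is never manipulated directly here; passport is always left to do it for us.
//
// The cookie-signing secret must come from the environment. A secret committed to source
// (as the previous hard-coded string was) lets anyone with read access to the repository
// forge a valid session cookie for any user, so refuse to start without one rather than
// silently falling back to a known value.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable must be set (it signs the session cookie)');
}
// Only mark the cookie Secure when the deployment is actually served over HTTPS. If node sits
// behind a TLS-terminating proxy, express must also be told to trust it (app.set('trust proxy', 1)),
// otherwise express-session sees a plain-HTTP request and will not set a Secure cookie at all.
const isProduction = process.env.NODE_ENV === 'production';
app.use(expressSession({
  secret: sessionSecret,
  resave: false, // the store is expected to implement touch(); true would rewrite every session on every request
  rolling: false, // do not reset the expiry on every response: the session lives maxAge from creation
  // Do not create a store entry / set a cookie for sessions that hold nothing yet. This avoids one
  // store entry per anonymous request and means a session id is only issued once something
  // (e.g. the passport login) is actually stored in the session.
  saveUninitialized: false,
  // TODO: the default MemoryStore leaks memory and is single-process; plug in a real store here
  // (a knex-backed store was suggested so sessions live in the application database).
  cookie: {
    maxAge: 3600000, // one hour, in milliseconds
    httpOnly: true, // not readable from document.cookie, which limits what an XSS can steal
    secure: isProduction, // HTTPS-only transport in production (see the trust proxy note above)
    sameSite: 'lax', // not sent on cross-site subrequests, which blunts CSRF against authenticated routes
  },
}));
app.use(passport.initialize());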
//passport.session(): load the user object onto req.user if a serialised user object was found in the req.session