As I understood the secret key option in connect-mongo, causes that the _id of the session inside the session store in db encrypted by the secret key and send it to client a
