What's difference with express-session and cookie-session?

Question

I am new with Express. As Express 4.x has removed bundled middlewares. Any middleware I want to use should be required. When I read the README with exp

Answer 1

Let me share an important difference I found: secure cookies.

I have a node process behind an nginx proxy which handles SSL.

I tried with express-session, but I could not enable secure cookies, see issue here.

Then I tried with almost the same code, but with cookie-session instead, something like

   const expressSession = require('cookie-session')

   var expiryDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days

    const session = expressSession({
      secret: sessionSecret,
      resave: false,
      saveUninitialized: true,
      cookie: {
        secureProxy: true,
        httpOnly: true,
        domain: 'example.com',
        expires: expiryDate
      }
    })

    app.use(session)

I just changed require('express-session') to require('cookie-session') and added secureProxy: true,: everything worked out of the box.

Note also that both packages are maintained by expressjs so probably in my use case I was lucky finding out that cookie-session fits my needs.