I have seen several variations. Suppose I wish my cookie to expire after one second. Should I use
app.use(express.session({ secret: 'mysecret', maxAge: new Date(Date.now() + 1000)}));
or
app.use(express.session({ secret: 'mysecret', maxAge: 1000}));
or
app.use(express.session({ secret: 'mysecret', cookie: {maxAge: new Date(Date.now() + 1000)}}));
or
app.use(express.session({ secret: 'mysecret', cookie: {maxAge: 1000}}));
Also suppose I have set my cookie expiring correctly and it has expired. If the user does not restart their browser do they still retain the cookie information until they do so?
I think you'll be better off looking at the source directly.
For Express it uses connect middleware, and here's the code for session https://github.com/senchalabs/connect/blob/master/lib/middleware/session.js#L67
And theres more documentation at the connect site http://www.senchalabs.org/connect/session.html
So you can do
app.use(express.session({ secret: 'mysecret', cookie: {expires: new Date(Date.now() + 1000)}}));
or
app.use(express.session({ secret: 'mysecret', cookie: {maxAge: 1000}}));