From 80c98e5ecfa000d7b4e617a5b649c1855f952fb3 Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Tue, 30 Aug 2016 13:25:20 +0300
Subject: [PATCH] closes #4989
---
 app.js | 3 +++
 src/socket.io/index.js | 6 +++---
 src/webserver.js | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/app.js b/app.js
index 72aa0e4142..205d0feff3 100644
--- a/app.js
+++ b/app.js
@@ -117,6 +117,9 @@ function start() {
 if (!nconf.get('upload_path')) {
 nconf.set('upload_path', '/public/uploads');
 }
+ if (!nconf.get('sessionKey')) {
+ nconf.set('sessionKey', 'express.sid');
+ }
 // Parse out the relative_url and other goodies from the configured URL
 var urlObject = url.parse(nconf.get('url'));
 var relativePath = urlObject.pathname !== '/' ? urlObject.pathname : '';
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 3ec75ecd0d..5ee6050571 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -133,10 +133,10 @@ var ratelimit = require('../middleware/ratelimit');
 function validateSession(socket, callback) {
 var req = socket.request;
- if (!req.signedCookies || !req.signedCookies['express.sid']) {
+ if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
 return callback(new Error('[[error:invalid-session]]'));
 }
- db.sessionStore.get(req.signedCookies['express.sid'], function (err, sessionData) {
+ db.sessionStore.get(req.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
 if (err || !sessionData) {
 return callback(err || new Error('[[error:invalid-session]]'));
 }
@@ -157,7 +157,7 @@ var ratelimit = require('../middleware/ratelimit');
 cookieParser(request, {}, next);
 },
 function (next) {
- db.sessionStore.get(request.signedCookies['express.sid'], function (err, sessionData) {
+ db.sessionStore.get(request.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
 if (err) {
 return next(err);
 }
diff --git a/src/webserver.js b/src/webserver.js
index 94e44cc248..d7457e1b95 100644
--- a/src/webserver.js
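Review bot: The new `sessionKey` setting in start() is accepted as-is whenever it is truthy, so a value that is not a valid cookie name (whitespace, `;`, `=`, or a non-string produced by argv/env parsing) would only surface later, when the session middleware tries to serialize the cookie. This name selects which signed cookie both the HTTP layer and the socket.io handshake treat as the session id, so I would validate it at startup and fail fast, and add a comment such as `// sessionKey: session cookie name; must be identical for express-session and the socket.io cookie lookup`. start() continues outside the hunk, so an existing validation step elsewhere cannot be ruled out.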
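Review bot: In validateSession the cookie name is fetched from nconf twice, once for the presence check and once for the store lookup; reading it once keeps the two in step and shortens both lines, e.g. `var sessionId = req.signedCookies && req.signedCookies[nconf.get('sessionKey')];` followed by `if (!sessionId) {` and `db.sessionStore.get(sessionId, function (err, sessionData) {`. The hunk does not show a `require('nconf')` in src/socket.io/index.js; if the file does not already have one, these lines throw a ReferenceError on the first connection. The function body continues past the hunk.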
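Review bot: The store lookup in this waterfall step has no guard for a missing or unverifiable cookie: `request.signedCookies[nconf.get('sessionKey')]` is `undefined` when the cookie is absent and, with cookie-parser, `false` when the signature does not verify, and either value goes straight into `db.sessionStore.get`. validateSession in the same file rejects that case before touching the store, so the two paths should agree; what happens here depends on the store implementation and on the callback body, which is outside the hunk. A check along the lines of `if (!sessionId) { /* treat as guest, skip the lookup */ }` before the call would make the behaviour explicit. Now that the name is configurable, a misconfigured `sessionKey` lands on this path for every connection.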
+++ b/src/webserver.js
@@ -108,7 +108,7 @@ function setupExpressApp(app) {
 app.use(session({
 store: db.sessionStore,
 secret: nconf.get('secret'),
- key: 'express.sid',
+ key: nconf.get('sessionKey'),
 cookie: setupCookie(),
 resave: true,
 saveUninitialized: true
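Review bot: `key: nconf.get('sessionKey')` has no fallback of its own, and the default is only set in start() in app.js. If setupExpressApp ever runs without that default in place (another entry point or a test harness; not visible in this diff), express-session ignores the undefined option and falls back to its built-in cookie name, while src/socket.io/index.js indexes `signedCookies` with `undefined`, so every socket handshake is treated as having no session. Resolving the name once in a shared place, or at least `key: nconf.get('sessionKey') || 'express.sid'`, keeps the two layers on the same cookie. The session options object continues past the end of the hunk.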