NodeJS express security

app.use(session( {

httpOnly: true, // don't let browser javascript access cookies ever
secure: true, // only use cookies over https
ephemeral: true // delete this cookie when the browser is closed.

)});