closes #4989

app.js

@@ -117,6 +117,9 @@ function start() {
 	if (!nconf.get('upload_path')) {
 		nconf.set('upload_path', '/public/uploads');
 	}
+	if (!nconf.get('sessionKey')) {
+		nconf.set('sessionKey', 'express.sid');
+	}
 	// Parse out the relative_url and other goodies from the configured URL
 	var urlObject = url.parse(nconf.get('url'));
 	var relativePath = urlObject.pathname !== '/' ? urlObject.pathname : '';

src/socket.io/index.js

@@ -133,10 +133,10 @@ var ratelimit = require('../middleware/ratelimit');
 
 	function validateSession(socket, callback) {
 		var req = socket.request;
-		if (!req.signedCookies || !req.signedCookies['express.sid']) {
+		if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
 			return callback(new Error('[[error:invalid-session]]'));
 		}
-		db.sessionStore.get(req.signedCookies['express.sid'], function (err, sessionData) {
+		db.sessionStore.get(req.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
 			if (err || !sessionData) {
 				return callback(err || new Error('[[error:invalid-session]]'));
 			}
@@ -157,7 +157,7 @@ var ratelimit = require('../middleware/ratelimit');
 				cookieParser(request, {}, next);
 			},
 			function (next) {
-				db.sessionStore.get(request.signedCookies['express.sid'], function (err, sessionData) {
+				db.sessionStore.get(request.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
 					if (err) {
 						return next(err);
 					}

src/webserver.js

@@ -108,7 +108,7 @@ function setupExpressApp(app) {
 	app.use(session({
 		store: db.sessionStore,
 		secret: nconf.get('secret'),
-		key: 'express.sid',
+		key: nconf.get('sessionKey'),
 		cookie: setupCookie(),
 		resave: true,
 		saveUninitialized: true