[frontend] configurable session signing

Author: ar2rsawseen

frontend/express/app.js

@@ -391,7 +391,7 @@ app.get(countlyConfig.path + '/appimages/*', function(req, res) {
 var oneYear = 31557600000;
 app.use(countlyConfig.path, express.static(__dirname + '/public', { maxAge: oneYear }));
 app.use(session({
-    secret: 'countlyss',
+    secret: countlyConfig.web.session_secret || 'countlyss',
     cookie: { httpOnly: true, maxAge: 1000 * 60 * 60 * 24 * 365, secure: countlyConfig.web.secure_cookies || false },
     store: new SkinStore(countlyDb),
     saveUninitialized: false,

frontend/express/config.sample.js

@@ -70,6 +70,7 @@ var countlyConfig = {
     * @property {boolean} use_intercom - true, to use intercom in dashboard for communication with Countly
     * @property {boolean} secure_cookies - true, to use secure cookies, enable only if you have https enabled
     * @property {string} track - allow Countly to collect stats about amount of apps and datapoints as well as feature usage. 
+    * @property {string} session_secret - secret used to sign the session ID cookie. 
     * Possible values are: 
     *    "all" - track all, 
     *    "GA" - track only Global admins, 
@@ -81,7 +82,8 @@ var countlyConfig = {
         host: "localhost",
         use_intercom: true,
         secure_cookies: false,
-        track: "all"
+        track: "all",
+        session_secret: "countlyss"
     },
     /**
     * Legacy value, not supported