modify server readme, add cookie security

Author: andrewjcho84

server/README.md

@@ -5,6 +5,13 @@
 
 **ReacType Server** is the backend complement to the visual React prototyping tool **ReacType**. It is built in **Node.js** with the **Express** framework linked to **MongoDB** to handle user authentication (personal accounts on our own database as well as through Github Oauth), sessions, and user project management. The server itself is officially deployed through Heroku, but you can host your own local environment to communicate with the database with this repo.
 
+**For future development teams**: If you wish to update the server and re-deploy through heroku, you will need to get the credentials from one of the last team members:
+
+- [Tyler Sullberg](https://www.linkedin.com/in/tyler-sullberg) [@tsully](https://github.com/tsully)
+- [Andrew Cho](https://www.linkedin.com/in/andrewjcho84/) [@andrewjcho84](https://github.com/andrewjcho84)
+- [Aaron Bumanglag](https://www.linkedin.com/in/akbuma) [@akbuma](https://github.com/akbuma)
+- [Fredo Chen](https://www.linkedin.com/in/fredochen/) [@fredosauce](https://github.com/fredosauce)
+
 If `npm` is your package manager, you just need to run the script `npm run dev` and it will start the server on `http://localhost:5000` for your development environment.
 
 Endpoint testing is currently integrated with Jest and Supertest as well and can be run by `npm run test` or `npm run test:watch` for watch mode.

server/controllers/cookieController.js

@@ -3,7 +3,11 @@ const cookieController = {};
 // setSSIDCookie - store the user id from database in cookie
 cookieController.setSSIDCookie = (req, res, next) => {
   // set cookie with key 'ssid' and value to user's id
-  res.cookie('ssid', res.locals.id);
+  res.cookie('ssid', res.locals.id, {
+    httpOnly: true,
+    sameSite: 'None',
+    secure: true
+  });
   return next();
 };