Someone asked: why does the Express session middleware add a hash suffix to the session id cookie? A great question. But first the obligatory disclaimer: like any security advice from someone who d...