This user session that we've created isn't a real unique identifier; it's a simplified example for the purpose of demonstrating how cookies work in Express. To get a better user session, we should use the popular middleware express-session instead of our custom implementation:
npm install express-session --save
express-session provides a lot of additional functionalities to manage user sessions, including using unique identifiers and support for writing user sessions to database stores. It's very easy to convert to using express-session, simply replace our custom session import with the express-session module instead, and then configure it to use the following secret and configuration options:
...
var session = require('express-session');
...
app.use(cookieParser(process.env.cookieSecret));
app.use(session({
secret: process.env.cookieSecret,
resave: false,
saveUninitialized: true
}));
...