Resolve merge conflicts

README.md

@@ -410,6 +410,7 @@ app.set('https options', {}) // any options to pass to the https server app.set(
 app.set('session key', 'ravel.sid'); // the cookie name to use for sessions
 app.set('session max age', null); // session maxAge (default never expires)
 app.set('session secure', true); // toggles Secure attribute for session cookies. true by default, and always true when app.get('https') is true.
+app.set('session rolling', false); // force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown.
 app.set('app route', '/'); // if you have a UI, this is the path users will be sent to when they are logged in
 app.set('login route', '/login'); // if users aren't logged in and you redirect them, this is where they'll be sent
 app.set('public directory', undefined); // if you want to statically serve a directory

jest/core/params.test.js

@@ -118,6 +118,7 @@ describe('Ravel', () => {
         'session key': 'ravel.sid',
         'session max age': null,
         'session secure': true,
+        'session rolling': false,
         'log level': 'NONE' // not a default, but we've set this in beforeEach
       };
       app.set('keygrip keys', ['123abc']);

lib/ravel.js

@@ -98,6 +98,7 @@ class Ravel extends AsyncEventEmitter {
     this.registerParameter('session key', true, 'ravel.sid');
     this.registerParameter('session max age', true, null);
     this.registerParameter('session secure', true, true);
+    this.registerParameter('session rolling', true, false);
     // Passport parameters
     this.registerParameter('app route', false, '/');
     this.registerParameter('login route', false, '/login');
@@ -273,10 +274,10 @@ class Ravel extends AsyncEventEmitter {
       overwrite: true, /* (boolean) can overwrite or not (default true) */
       httpOnly: true, /* (boolean) httpOnly or not (default true) */
       signed: true, /* (boolean) signed or not (default true) */
-      rolling: false, /* (boolean) Force a session identifier cookie to be set on every response.
+      secure: this.get('https') || this.get('session secure'), /* (boolean) secure or not (default true) */
+      rolling: this.get('session rolling') /* (boolean) Force a session identifier cookie to be set on every response.
                          The expiration is reset to the original maxAge, resetting the expiration
                          countdown. default is false */
-      secure: this.get('https') || this.get('session secure') /* (boolean) secure or not (default true) */
     };
     app.use(session(sessionOptions, app));