Secure sessions are easy, but they're not very well documented, so I'm changing that. Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy.

The desired configuration uses NginX as an SSL proxy, both to offload SSL processing and to put a hardened web server in front of your Node.js application, like:

```
[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT]
```

To do this, here's what you need to do:

1. Configure Connect (Express) to do sessions:

```javascript
// Trust the X-Forwarded-* headers that nginx sets
app.enable('trust proxy');
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({
  secret: 'Super Secret Password', // placeholder: use a long random value in production
  proxy: true,                     // treat X-Forwarded-Proto: https as a secure connection
  key: 'session.sid',              // name of the session cookie
  cookie: {secure: true},          // only issue the cookie over a secure connection
  store: new sessionStore() // NEVER use in-memory store for production - I'm using mongoose/mongodb here
}));
```

2. Configure nginx to do SSL and forward all the required headers that Connect needs to do secure sessions:

```
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name localhost;

    ssl_certificate /etc/nginx/nodeapp.crt;
    ssl_certificate_key /etc/nginx/nodeapp.key;

    ssl_session_timeout 5m;

    # SSLv2, SSLv3 and TLSv1 are broken or deprecated; allow only current TLS versions
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # THESE ARE IMPORTANT
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This is what tells Connect that your session can be considered secure,
        # even though the protocol node.js sees is only HTTP:
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_read_timeout 5m;
        proxy_connect_timeout 5m;

        # "nodeserver" must be defined as an upstream elsewhere in the nginx config
        proxy_pass http://nodeserver;
        proxy_redirect off;
    }
}
```
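The `X-Forwarded-Proto` header from step 2 and the `proxy: true` option from step 1 have to agree, otherwise the `secure` cookie is silently never sent. The following is an added example, not code from the original recipe or from Connect itself: a simplified model of that decision, run over constructed requests. The function names and sample requests are assumptions made for illustration.

```javascript
// Simplified model (written for this example) of how the session middleware
// decides whether a request may receive a cookie marked `secure`.
function isSecure(req, trustProxy) {
  // A real TLS socket is always secure; behind nginx this is never the case.
  if (req.connection && req.connection.encrypted) return true;
  // Without the proxy option the forwarded header is ignored entirely.
  if (!trustProxy) return false;
  // The header may be a comma-separated list when proxies are chained;
  // the first entry is the scheme seen by the outermost proxy.
  const header = String(req.headers['x-forwarded-proto'] || '');
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

// Returns true when the session cookie would be sent with the response.
function wouldSetCookie(req, opts) {
  if (opts.cookie && opts.cookie.secure && !isSecure(req, opts.proxy)) {
    return false; // skipped without an error: the user never gets a session
  }
  return true;
}

// Constructed sample requests as Node sees them behind nginx (plain HTTP socket).
const plain = { encrypted: false };
const samples = {
  viaNginx:      { connection: plain, headers: { 'x-forwarded-proto': 'https' } },
  headerMissing: { connection: plain, headers: {} },
  plainHttp:     { connection: plain, headers: { 'x-forwarded-proto': 'http' } },
  chained:       { connection: plain, headers: { 'x-forwarded-proto': 'https, http' } },
};

const recipe = { proxy: true, cookie: { secure: true } };       // settings from step 1
const noProxyFlag = { proxy: false, cookie: { secure: true } }; // proxy option forgotten

// Evaluates every sample request under both configurations.
function report() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) {
    out[name] = {
      recipe: wouldSetCookie(req, recipe),
      noProxyFlag: wouldSetCookie(req, noProxyFlag),
    };
  }
  return out;
}

console.log(report());
```

Because the header is taken on trust from whatever connects to the Node port, that port should accept connections only from nginx, for example by binding it to the loopback interface.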