For future humble coders, that will stumble upon this – I’m posting an up-to-date answer:
As the official description of express-session middleware says here: express-session
Since version 1.5.0, the
cookie-parsermiddleware no longer needs to
be used for this module to work. This module now directly reads and
writes cookies on req/res. Usingcookie-parsermay result in issues if
the secret is not the same between this module andcookie-parser.
Therefore, just use express-session middleware and have a nice day.