diff --git a/examples/auth/index.js b/examples/auth/index.js
index 40b73e6de16..1374221177b 100644
--- a/examples/auth/index.js
+++ b/examples/auth/index.js
@@ -20,10 +20,23 @@ app.set('views', path.join(__dirname, 'views'));
 app.use(express.urlencoded())
 app.use(session({
+ name: 'sessionId', // Custom session cookie name
+ resave: false, // don't save session if unmodified
+ app.use(session({
 resave: false, // don't save session if unmodified
 saveUninitialized: false, // don't create session until something stored
- secret: 'shhhh, very secret'
-}));
+ cookie: {
+ maxAge: 24 * 60 * 60 * 1000, // 24 hours in milliseconds
+ httpOnly: true, // prevent XSS attacks
+ secure: process.env.NODE_ENV === 'production', // HTTPS only in production
+ sameSite: 'strict' // CSRF protection
+ }
+ cookie: {
+ domain: 'yourdomain.com', // Set specific domain
+ secure: true, // Use HTTPS only
+ httpOnly: true, // Prevent XSS
+ maxAge: 24 * 60 * 60 * 1000 // 24 hours
+ }
 // Session-persisted message middleware
diff --git a/examples/auth/views/login.ejs b/examples/auth/views/login.ejs
index 181c36caf7a..dbe181d7f9a 100644
--- a/examples/auth/views/login.ejs
+++ b/examples/auth/views/login.ejs
@@ -2,7 +2,7 @@ <%- include('head', { title: 'Authentication Example' }) -%>
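Review bot: The new side of this hunk does not parse and would not start even if it did: `secret` is removed on `- secret: 'shhhh, very secret'` and never re-added, a second `+ app.use(session({` is inserted inside the options object, the closing `}));` is deleted, and two `cookie:` blocks with conflicting `secure` values follow each other with no separator. express-session throws at startup when `secret` is absent, so the secret has to come back, sourced from the environment rather than the old hard-coded string, and the two cookie objects should be collapsed into one with the `NODE_ENV`-gated `secure`. The comments `// prevent XSS attacks` and `// Prevent XSS` overstate `httpOnly`; it only keeps the cookie out of `document.cookie`, so `// not readable from document.cookie; limits what an injected script can steal` is the accurate wording. The hard-coded `domain: 'yourdomain.com'` is a placeholder that makes the cookie unusable on any other host and should be dropped or read from configuration. The surrounding app setup continues outside the hunk.
```javascript
app.use(session({
  name: 'sessionId', // Custom session cookie name
  resave: false, // don't save session if unmodified
  saveUninitialized: false, // don't create session until something stored
  secret: process.env.SESSION_SECRET, // env var name is a placeholder; express-session refuses to start without a secret
  cookie: {
    maxAge: 24 * 60 * 60 * 1000, // 24 hours in milliseconds
    httpOnly: true, // not readable from document.cookie; limits what an injected script can steal
    secure: process.env.NODE_ENV === 'production', // HTTPS only in production
    sameSite: 'strict' // CSRF protection
  }
}));
```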

Login

-<%- message %>
+<%= message %>
 Try accessing /restricted, then authenticate with "tj" and "foobar".

diff --git a/examples/params/index.js b/examples/params/index.js
index 11eef51a592..5353ba6d7cf 100644
--- a/examples/params/index.js
+++ b/examples/params/index.js
@@ -63,9 +63,13 @@ app.get('/user/:user', function (req, res) {
 app.get('/users/:from-:to', function (req, res) {
 var from = req.params.from;
 var to = req.params.to;
- var names = users.map(function(user){ return user.name; });
- res.send('users ' + names.slice(from, to + 1).join(', '));
-});
+ var to = parseInt(req.params.to, 10);
+ var from = parseInt(req.params.from, 10);
+ var names = users.map(function(user){ return escapeHtml(user.name); });
+ res.json({ message: 'users', users: names.slice(from, to + 1) });
+
+ // Or using template rendering:
+ // res.render('users', { users: names.slice(from, to + 1) });
 /* istanbul ignore next */
 if (!module.parent) {
diff --git a/examples/search/index.js b/examples/search/index.js
index b995b8fab16..5d97ba6c9a3 100644
--- a/examples/search/index.js
+++ b/examples/search/index.js
@@ -54,7 +54,7 @@ app.get('/search/{:query}', function (req, res, next) {
 db.sMembers(query)
 .then((vals) => res.send(vals))
 .catch((err) => {
- console.error(`Redis error for query "${query}":`, err);
+ console.error('Redis error for query:', JSON.stringify(query), err);
 next(err);
 });
 });
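Review bot: The handler's closing `});` is removed by `-});` and never re-added, so `app.get('/users/:from-:to', …)` is left unterminated and the file no longer parses; `from` and `to` are also now declared twice, because the context lines `var from = req.params.from;` and `var to = req.params.to;` stay above the new `parseInt` versions. `parseInt` is the right move, but the result is never checked: a non-numeric segment yields `NaN` and `names.slice(NaN, NaN)` silently returns `[]` where a 400 would be correct. Applying `escapeHtml` to values that go into a JSON body double-encodes them (a name containing `&` arrives as `&amp;`) — HTML escaping belongs in the view, which the commented-out `res.render` path would do — and `escapeHtml` is not shown to be in scope in this hunk. Rewritten handler below: one declaration per parameter, reject non-integer or negative bounds, send the raw names as JSON, and restore the closing line.
```javascript
app.get('/users/:from-:to', function (req, res) {
  var from = parseInt(req.params.from, 10);
  var to = parseInt(req.params.to, 10);
  // NaN from a non-numeric segment would make slice() return [] instead of an error
  if (!Number.isInteger(from) || !Number.isInteger(to) || from < 0 || to < 0) {
    return res.status(400).json({ error: 'from and to must be non-negative integers' });
  }
  // JSON is not HTML: escaping here corrupts the data; escape in the template instead.
  var names = users.map(function(user){ return user.name; });
  res.json({ message: 'users', users: names.slice(from, to + 1) });
});
```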
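Review bot: `JSON.stringify(query)` closes the log-injection hole the template literal had (a query with embedded newlines could forge extra log lines), but the route `'/search/{:query}'` in the hunk header appears to make the segment optional, so `query` may be `undefined`; `JSON.stringify(undefined)` returns `undefined` and the log then prints the bare word with no quoting, and `db.sMembers(undefined)` presumably rejects before that. An early guard at the top of the handler, `if (query === undefined) return res.status(400).end();`, would keep both the Redis call and the log on the defined path. The full `err` object is still written to the log; if the client echoes the key in its message the raw query can still reach it, which is worth a one-line comment if that is accepted. The handler's start lies outside the hunk.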