Secure the Cookies so No One Can Steal Them
When you use cookies as a session identifier, you also need secure cookie handling. Attackers will try to steal cookies, or more specifically the session token stored in those cookies. This attack is called session hijacking because it relies on stealing the token to access the victim's authenticated session.
First, configure the server to limit your exposure and mitigate attack vectors such as man-in-the-middle (MITM) and cross-site scripting (XSS). We've talked about MITM before in Chapter 3, "Start Connecting", and will cover XSS more thoroughly in Chapter 11, "Fight Cross-Site Scripts". To prevent MITM session hijacking attacks, you need to use HTTPS over the whole ...