Wrapping Up

In this chapter we looked at the session, an integral part of the authentication scheme. We started by setting up a session system and then added layers of security. We looked at how to add a Time-to-Live, secure cookies, mitigate session-fixation attacks, and add protections against hijacking.

We’ve covered our bases for authenticating a user and setting up a secure session, so in the next chapter we’ll look at how to allow or deny user access to resources based on the user’s access level.
