If you have ever built a web app in JS, chances are you used Express as a web framework, Passport for user authentication, and express-session to keep users logged in. This article focuses on sessions and on how we forked express-session to make it more secure.
First off, why fork express-session? Simple: we wanted to use express-session in Saasform, but we weren't happy with its security tradeoffs. Instead of building an independent session system, we decided to make a drop-in replacement for express-session that you can use too.
Just to be crystal clear, this is a library released by Saasform; it’s not a library that uses or depends upon Saasform.
Let’s clarify with an example:
var express = require('express')
var parseurl = require('parseurl')
// Drop-in replacement: compared to express-session, only the require() changes
var session = require('express-session-jwt')
var app = express()