If you have ever built a web app in JavaScript, chances are you used Express as the web framework, Passport for user authentication, and express-session to keep users logged in. This article focuses on sessions and on how we forked express-session to make it more secure.

First off, why fork express-session? Simple: we wanted to use express-session in Saasform, but we weren't comfortable with its security tradeoffs. Instead of building an independent session system, we decided to make a drop-in replacement for express-session that you can use too.

Just to be crystal clear, this is a library released by Saasform; it’s not a library that uses or depends upon Saasform.

Show me an example!

Let's clarify with an example:

var express = require('express')
var parseurl = require('parseurl')
// drop-in replacement for express-session: same require/use pattern, different session implementation
var session = require('express-session-jwt')

var app = express()


Secure Sessions in JavaScript: Forking Express-Session to Improve Security