1.0.2 • Published 2 years ago

express-session-fixation v1.0.2

Weekly downloads
23
License
MIT
Repository
github
Last release
2 years ago

express-session-fixation

Reset express-session session IDs to prevent against fixation attacks

Install

$ npm install --save express-session-fixation

Usage

var fixation = require('express-session-fixation');

// Register with express
app.use(fixation(options));

app.use('/api/login', function(req, res, next) {
    req.login();
    req.resetSessionID().then(function() {
        next();
    });
});

API

Options

express-session-fixation accepts an optional options object that may include the following options

everyRequest

Set this to true if you want the session ID to reset every time the user visits. Defaults to false. It's good for security, but may result in longer response times. For this reason, it only resets the ID if the request is a non-AJAX request.

@infinitebrahmanuniverse/nolb-express-s@everything-registry/sub-chunk-1636
1.0.2

2 years ago

1.0.1

3 years ago

1.0.0

3 years ago