1.0.1 • Published 2 years ago
express-session-fixation-middleware v1.0.1
express-session-fixation-middleware
Reset express-session session IDs to prevent against fixation attacks
Install
$ npm install --save express-session-fixation-middleware
Usage
var fixation = require('express-session-fixation-middleware');
// Register with express
app.use(fixation(options));
app.use('/api/login', function(req, res, next) {
req.login();
req.resetSessionID().then(function() {
next();
});
});
API
Options
express-session-fixation-middleware accepts an optional options object that may include the following options
everyRequest
Set this to true if you want the session ID to reset every time the user visits. Defaults to false
. It's good for security, but may result in longer response times. For this reason, it only resets the ID if the request is a non-AJAX request.
1.0.1
2 years ago