Secure Sessions in JavaScript: Forking Express-Session to Improve Security
by @0x0ece

June 13th 2021

Too Long; Didn't Read

This article focuses on sessions and on how we forked express-session to make it more secure. Instead of building an independent session system, we decided to make a drop-in replacement for Express. We use public-key cryptography (ES256), so you can architect your system with a single "session manager" service that issues tokens and has access to the private key, alongside as many verifiers as you need, none of which has access to secrets. Our solution uses JWT as session tokens, instead of the hash value of the token in the data store.
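
The issuer/verifier split described above, as an added example that is not code from the article or from the forked express-session project. It uses only Node's built-in crypto module; the function names, the claim names and the expiry handling are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (value) => Buffer.from(value).toString('base64url');

// Session manager: the only component that ever holds the private key.
// (Hypothetical helper name; not the fork's API.)
function createSessionManager(privateKey) {
  return function issue(claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
    const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
    const payload = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
    const input = `${header}.${payload}`;
    // JWS ES256 carries the raw r||s signature (IEEE P1363), not DER.
    const sig = crypto.sign('sha256', Buffer.from(input),
      { key: privateKey, dsaEncoding: 'ieee-p1363' });
    return `${input}.${sig.toString('base64url')}`;
  };
}

// Verifier: holds only the public key. Returns the claims, or null on any failure.
function createVerifier(publicKey) {
  return function verify(token, now = Math.floor(Date.now() / 1000)) {
    const parts = String(token).split('.');
    if (parts.length !== 3) return null;
    try {
      const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
      // Pin the algorithm: the token must not choose it ("none", HS256, ...).
      if (header.alg !== 'ES256') return null;
      const sig = Buffer.from(parts[2], 'base64url');
      if (sig.length !== 64) return null; // P-256: 32-byte r plus 32-byte s
      const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
        { key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
      if (!ok) return null;
      const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
      // Reject tokens without a numeric expiry as well as expired ones.
      if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
      return claims;
    } catch {
      return null; // malformed base64url or JSON
    }
  };
}

// Constructed demo key pair: only publicKey would be distributed to verifiers.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const issueSession = createSessionManager(privateKey);
const verifySession = createVerifier(publicKey);
```

A verifier built this way can run in any number of services, since compromising one exposes no signing material.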

Emanuele Cesena

Making the open source @SoloKeysSec and the @Everdragons2 NFT. Former security at Pinterest, now at Jump.

