Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
connect-session
Advanced tools
connect-session
It is a small project which help organize optional sessions in REST applications that uses connect/express. By default connect has only cookie session, that is not applicable and very unconvinient for API projects.
Usage
Generally it based on connect session.js code, so configuration and options almost the same.
For example you have a route that handle session management:
First i expect you will made some configuration and create middleware function:
//you config-session.js file
var connectSession = require('connect-session'),
session = connectSession.session,
header = connectSession.header;
var util = require('../lib/utils');
//you should replace this one with other store (but this used by default)
var MemoryStore = require('../lib/session/memory');
var loaders = [
header({
header: 'X-User-Session' //this used by default, so you can skip this
})
];
var options = {
store: new MemoryStore
}
module.exports.sessionCreate = session(loaders, options);
module.exports.sessionLoad = session(loaders, util.merge(options, {
generateOnMissingSID: false
}));
var sessionCreate = require('./config-session').sessionCreate;
app.get('/sessions/new', sessionCreate, function(req, res) {
res.json({ sid: req.sessionID});
})
This route will return newly created session and initialize session. You should understand that session will be available only in this route. What happen there:
First request will be processed by session middleware (by default it uses MemoryStore to store sessions) it will use
header loader to try to find session id in default header 'X-User-Session' (to change this pass in header options { header: 'My-header'}).
If session id will not be founded new session will be created and its sid will be returned.
Of course you expect that session will be loaded every time it can be loaded, to make this need to add in app general middleware:
var sessionLoad = require('./config-session').sessionLoad;
//do not forget add all needed middleware before!!!
app.use(sessionLoad);
FAQs
Make connect session more convinient for REST API
The npm package connect-session receives a total of 29 weekly downloads. As such, connect-session popularity was classified as not popular.
We found that connect-session demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Dec 2012
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025