express-session-fixation
Advanced tools
Readme
Reset express-session session IDs to prevent against fixation attacks
$ npm install --save express-session-fixation
var fixation = require('express-session-fixation');
// Register with express
app.use(fixation(options));
app.use('/api/login', function(req, res, next) {
req.login();
req.resetSessionID().then(function() {
next();
});
});
express-session-fixation accepts an optional options object that may include the following options
Set this to true if you want the session ID to reset every time the user visits. Defaults to false. It's good for security, but may result in longer response times. For this reason, it only resets the ID if the request is a non-AJAX request.
FAQs
Reset express-session session IDs to prevent against fixation attacks
The npm package express-session-fixation receives a total of 182 weekly downloads. As such, express-session-fixation popularity was classified as not popular.
We found that express-session-fixation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The White House is addressing fragmented cybersecurity regulations as CISOs report spending up to 50% of their time on compliance, aiming to harmonize requirements and improve cybersecurity outcomes.
Security News
Research
The Socket Research Team has identified a malicious Python package that is typosquatting the popular crytic-compile utility, frequently used in popular toolkits and development environments for smart contracts and crypto applications.
Security News
NIST updates on the NVD backlog after media reports that over 50% of KEVs were unenriched since mid-February. They've contracted additional support and partnered with CISA to clear the backlog by fiscal year-end.