Cookie-session

2/12/2020
Maxime Moreillon
SecurityTutorialsCookies

Cookie-session

User authenticates using username and password, server sets a signed cookie containing serialized user info

app.use(cookieSession({
  name: 'session',
  secret: 'shhhh',
  maxAge: 253402300000000, // infinite
  sameSite: false,
  domain: "yourdomain.com"
}));

key-value pairs can be set using the session property:

req.session.username = "myUsername"

The value is encrypted using the secret defined hereabove

Requires special options for CORS:

app.use(cors({
  origin: [/* origins */],
  credentials: true,
}));

As well as Axios:

axios.defaults.withCredentials = true

This method works well for clients using web browsers with cookies enabled but consequently not so much for mobile or IoT devices