Node.js
KnightForce, 2017-01-25 21:16:36

How to check sessions for authenticity?

Just got into sessions.
I use express-sessions.
The sid is stored on the client. The data comes from the authorization form via POST. Then the database is searched for a user with that login; if one is found, the session is saved with req.session.save().
But one question gnaws at me: if a session is somehow substituted, how do I check for it? I had the idea of checking, on each request to the site, whether such a session exists in the storage.
In my opinion, a simple check if(req.session.sid) is not a good idea. It only checks that a session exists, not that it is authentic, and connecting to the database and comparing on every request is expensive.
But the question is, maybe there are simpler and faster methods? Maybe there are some built-in mechanisms?
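
On the built-in mechanism asked about above, as an added example that is not part of the original post or of any library's code: express-session signs the session ID cookie with an HMAC-SHA256 keyed by its `secret` option (format `s:<sid>.<signature>`) and rejects a cookie whose signature does not match before the store is consulted. The helper names `signSid` and `unsignSid`, the secret and the sample session IDs are assumptions constructed for this sketch, which re-implements that format with Node's built-in `crypto` only.

```javascript
// Added illustration: the signed-cookie scheme used for the session ID,
// re-implemented with Node's crypto module (not the library's own code).
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, stands in for the `secret` option

// Hypothetical helper: build "s:<sid>.<HMAC-SHA256(sid) as base64 without padding>".
function signSid(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid)
    .digest('base64').replace(/=+$/, '');
  return `s:${sid}.${mac}`;
}

// Hypothetical helper: return the sid when the signature verifies, otherwise false.
function unsignSid(cookieValue, secret) {
  if (typeof cookieValue !== 'string' || !cookieValue.startsWith('s:')) return false;
  const signed = cookieValue.slice(2);
  const dot = signed.lastIndexOf('.');
  if (dot <= 0) return false;
  const sid = signed.slice(0, dot);
  // Recompute the signed value for the claimed sid and compare in constant time.
  const expected = Buffer.from(signSid(sid, secret).slice(2));
  const actual = Buffer.from(signed);
  if (expected.length !== actual.length) return false; // timingSafeEqual throws on length mismatch
  return crypto.timingSafeEqual(expected, actual) ? sid : false;
}

// Constructed samples: a cookie issued by the server, and a copy whose sid
// was replaced on the client while the old signature was kept.
const issued = signSid('sid-alice-constructed', SECRET);
const swapped = issued.replace('sid-alice', 'sid-admin');

function demo() {
  return {
    genuine: unsignSid(issued, SECRET),                    // sid is returned
    swappedSid: unsignSid(swapped, SECRET),                // false: signature no longer matches
    unsigned: unsignSid('sid-alice-constructed', SECRET),  // false: no "s:" prefix or signature
    wrongSecret: unsignSid(issued, 'other-secret'),        // false: signed under a different key
  };
}

console.log(demo());
```

A cookie that fails this check never reaches the store, so a forged or altered ID costs no database lookup; a correctly signed ID is still loaded from the session store on each request.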
