express-session-fixation

1.0.2 • Public • Published

Reset express-session session IDs to protect against session fixation attacks

Install

$ npm install --save express-session-fixation

Usage

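var express = require('express');
var fixation = require('express-session-fixation');

// `app` is your Express application, with express-session already set up
var app = express();

// Optional settings; everyRequest defaults to false
var options = { everyRequest: false };

// Register with express
app.use(fixation(options));

app.use('/api/login', function(req, res, next) {
    // Authenticate the user first (placeholder for the application's login step)
    req.login();
    // Issue a fresh session ID now that the user is authenticated;
    // a failed reset is passed to the Express error handler
    req.resetSessionID().then(function() {
        next();
    }, next);
});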
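
Why the reset belongs at login, as an added example that is not part of the express-session-fixation package: a dependency-free in-memory model comparing a login that keeps the pre-login session ID with one that replaces it. All function names are hypothetical, and `resetSessionID` here is a stand-in for the idea, not the package's implementation.

```javascript
// Added example: models a server-side session table in memory (constructed data).
const crypto = require('crypto');

const sessions = new Map(); // session ID -> session data

function newSessionID() {
  return crypto.randomBytes(24).toString('hex'); // CSPRNG-backed ID
}

// Issue an anonymous session, as happens on a first visit.
function createSession() {
  const id = newSessionID();
  sessions.set(id, { user: null });
  return id;
}

// Move the session data to a fresh ID and invalidate the old one.
function resetSessionID(oldID) {
  const data = sessions.get(oldID);
  if (!data) throw new Error('unknown session');
  const id = newSessionID();
  sessions.set(id, data);
  sessions.delete(oldID);
  return id;
}

// Log in; `reset` toggles the defence so both outcomes can be compared.
function login(id, user, reset) {
  const data = sessions.get(id);
  if (!data) throw new Error('unknown session');
  data.user = user;
  return reset ? resetSessionID(id) : id;
}

// Which user does the server associate with this cookie value?
function whoami(id) {
  const data = sessions.get(id);
  return data ? data.user : null;
}

// preLoginID stands for an ID that was known to a third party before login.
function scenario(reset) {
  const preLoginID = createSession();
  const postLoginID = login(preLoginID, 'alice', reset);
  return { idChanged: preLoginID !== postLoginID,
           oldIDUser: whoami(preLoginID),
           newIDUser: whoami(postLoginID) };
}
```

Without the reset, the pre-login ID resolves to the logged-in user; with it, the old ID no longer exists on the server and only the new ID carries the authenticated session.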

API

Options

express-session-fixation accepts an optional options object that may include the following options:

everyRequest

Set this to true if you want the session ID to be reset every time the user visits. Defaults to false. Resetting on every visit is good for security but may result in longer response times; for this reason, the ID is reset only when the request is a non-AJAX request.

License

MIT

Collaborators

  • reggiezhang