JSPM

express-session-fixation-middleware

1.0.1
    • ESM via JSPM
    • ES Module Entrypoint
    • Export Map
    • Keywords
    • License
    • Repository URL
    • TypeScript Types
    • README
    • Created
    • Published
    • Downloads 7
    • Score
      100M100P100Q36469F
    • License MIT

    Reset express-session session IDs to prevent against fixation attacks

    Package Exports

    • express-session-fixation-middleware
    • express-session-fixation-middleware/index.js

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (express-session-fixation-middleware) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    express-session-fixation-middleware

    Reset express-session session IDs to prevent against fixation attacks

    Install

    $ npm install --save express-session-fixation-middleware

    Usage

    var fixation = require('express-session-fixation-middleware');

// Register with express
app.use(fixation(options));

app.use('/api/login', function(req, res, next) {
    req.login();
    req.resetSessionID().then(function() {
        next();
    });
});

    API

    Options

    express-session-fixation-middleware accepts an optional options object that may include the following options

    everyRequest

    Set this to true if you want the session ID to reset every time the user visits. Defaults to false. It's good for security, but may result in longer response times. For this reason, it only resets the ID if the request is a non-AJAX request.