
TypeScript Microservices by Parth Ghiya


Tightening session cookies and effective session management

The importance of using cookies securely in an application cannot be overstated. This applies especially to stateful services that need to maintain state across a stateless protocol such as HTTP. Express has default cookie settings that can be configured or manually tightened to enhance security. There are various options:

  • secret: A secret string with which the cookie has to be salted.
  • name: Name of the cookie.
  • httpOnly: This flags the cookie so that it is accessible only by the issuing web server, which helps prevent session hijacking.
  • secure: This requires TLS/SSL, so that the cookie is used only in HTTPS requests.
  • domain: This indicates specific domains only, from which ...
