Hi, I have an app where I wanna pass some session data to the client to store as a cookie. I'm using express and express session and I have the following express-session settings:

    // session refers to express-session
    app.use(session({
      secret: 'secret',
      resave: true,
      name: 'session',
      saveUninitialized: true,
    }));

When I authenticate my user their data is stored in a "session" cookie and on the browser it looks like a garbled mess, but in express when I log req.session (on another route) it's in plain text. Is this because express-session is taking care of the encryption/decryption for me under the hood or is there something I'm missing?

Furthermore the reason I'm asking this question is to gauge if the data stored in the cookie is secure? Less in terms of others (or the client) seeing the data, but more in terms of if a client would be able to spoof this data without my secret?

Thanks! Let me know if any clarification is needed.
Submitted June 02, 2020 at 09:39PM by DivineActions
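
Added example (not part of the original post and not express-session's own code): a Node.js re-implementation of the signed-cookie format express-session uses, in which the cookie holds only a session ID plus an HMAC-SHA256 signature while the session data stays in the server-side store. It shows that the value is signed rather than encrypted and that an altered or re-signed cookie fails verification; the secret, the session ID and the helper names are constructed for the illustration.

```javascript
const crypto = require('crypto');

// value + '.' + base64(HMAC-SHA256(value)) with '=' padding stripped.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
  return value + '.' + mac;
}

// Returns the signed value if the signature verifies, otherwise false.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  return expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Cookie value as the browser stores it: URL-encoded "s:<sid>.<signature>".
function makeSessionCookie(sid, secret) {
  return encodeURIComponent('s:' + sign(sid, secret));
}

// Server side: decode, check the "s:" prefix, verify the signature.
function readSessionCookie(cookie, secret) {
  const raw = decodeURIComponent(cookie);
  if (!raw.startsWith('s:')) return false; // unsigned values are rejected
  return unsign(raw.slice(2), secret);
}

// Constructed sample values. A guessable secret such as 'secret' would let
// anyone compute valid signatures, so use a long random one.
const SECRET = 'constructed-long-random-secret';
const SID = 'kX3v9Qm2Zr7LpA0cTtWbYe5HsNdGfJ1u';

function demo() {
  const cookie = makeSessionCookie(SID, SECRET);
  const tampered = cookie.replace(SID, 'A' + SID.slice(1)); // edited session ID
  const forged = makeSessionCookie(SID, 'wrong-guess');     // signed without the secret
  return {
    cookie,                                         // session ID is readable here
    valid: readSessionCookie(cookie, SECRET),       // the session ID
    tampered: readSessionCookie(tampered, SECRET),  // false
    forged: readSessionCookie(forged, SECRET),      // false
  };
}
console.log(demo());
```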