Expressjs password saving in chrome after redirect

Asked Sep 06 '16 at 09:13

Active Sep 06 '16 at 09:13

Viewed 39 times

Help me please to understand, how to add save password window in chrome(and other browsers), if i redirect user back after secsessful login?

app.put('/login', function(req, res, next) {
  pool.query('SELECT idperson, nickname, email, password FROM person WHERE email=? AND password=?', [req.body.email, req.body.password], function(err, rows, fields, next) {
    if (err) return next(err);
    if (!rows[0]) console.log('Неверные данные');
    else {
      req.session.idperson = rows[0].idperson;
      req.session.email = rows[0].email;
      req.session.password = rows[0].password;
      req.session.nickname = rows[0].nickname;
    }
    res.redirect('back');
  });
});

without redirect window is show'd up after login :(

asked Sep 06 '16 at 09:13

enhaster

You are _saving the users password inside the session_? Please, do **not** do this as it imposes a serious security threat. – roberrrt-s Sep 06 '16 at 09:14
what threat? It's not matter what to save, password or session id. – enhaster Sep 06 '16 at 09:22
That's a very, very dark and wrong mentality. – roberrrt-s Sep 06 '16 at 09:25
what the darK? If some one can steal cockie, then he can steal and session id. Then login with that and do bad. There no different. – enhaster Sep 06 '16 at 09:36
http://stackoverflow.com/questions/19594202/is-it-secure-to-store-a-password-in-a-session – roberrrt-s Sep 06 '16 at 09:37
OK! I will save only token in cookie (and same in mysql). It's that all right? – enhaster Sep 06 '16 at 09:50

Expressjs password saving in chrome after redirect

0 Answers0