
In this post about sessions, they basically say a session is a way the server has to identify a client (in subsequent requests).

The process consists of giving the client a cookie; that's the id. The client sends a request, and the server does something like Session[cookie] --> details.

Some NodeJS/Express servers can create a session on connection, and set loggedIn to true after successful authentication. Following the previous paragraph, we could do Session[cookie].loggedIn==true, then allow something.

I can see these cookies, either persistent or expiring, in the browser's "Storage" tab in the console.

But where on the server, and where on my machine, is this data stored? Would a persistent cookie survive not only a browser shutdown but also a PC restart?

  • I was going to attempt to write a response to this, but you have multiple complex questions here that are each a bit too in depth to cover as a group. Security is a major factor in the use and implementation of sessions, and just glossing over the raw basics would, at best, leave you with more questions; at worst, leave you not understanding all the security implications involved. – Claies Dec 13 '20 at 09:36
  • Hi @Claies I appreciate the comment. Indeed I'm rather confused, but I want to be a good developer and understand this stuff. What do you think would be a more scoped, accessible way to reformulate? I know a bit about symmetric and asym. encryption. I'm just implementing a log in, without emails (so hashing and salt is not important in this simple project). – HernanProust Dec 13 '20 at 09:58
  • Also, my understanding is more or less on this level https://github.com/expressjs/express/blob/master/examples/auth/index.js – HernanProust Dec 13 '20 at 10:00
  • well when I refer to security, I'm more referring to things like [Session poisoning](https://en.wikipedia.org/wiki/Session_poisoning), or [Session Fixation](https://en.wikipedia.org/wiki/Session_fixation), or similar issues related to session storage. It's easy to say that it's possible to do something, much harder to explain why you shouldn't. – Claies Dec 13 '20 at 10:03

0 Answers