Fixed Session Identifier in Login Cookie #207

Open
tianjk99 opened this issue Dec 4, 2023 · 0 comments
Labels
feature request New feature or request


tianjk99 commented Dec 4, 2023

The code snippet in the file "mock_backend/index.js" includes a login endpoint ("/api/v2/auth/login") that sets a fixed session identifier (SID) in a cookie. This fixed value of "8c212779b4abde7A" may raise security concerns and needs to be addressed.
```js
res.cookie('SID', '8c212779b4abde7A');
```

To address this issue, it is recommended to modify the code to generate a random session identifier upon successful authentication. The generated session identifier should be unique for each user session and stored securely in the cookie.

Additionally, it is important to follow best practices for secure cookie handling. This includes setting the "Secure" flag to ensure the cookie is only transmitted over HTTPS and setting the "HttpOnly" flag to prevent client-side script access.

tianjk99 added the feature request label Dec 4, 2023
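One way to implement what the issue recommends, as an added example that is not code from the project or from the issue author: an Express-style login handler that issues a fresh random SID per login, tracks it server-side, and sets the `HttpOnly` and `Secure` cookie flags. The helper names (`checkCredentials`, `createSession`, `lookupSession`, `loginHandler`), the demo credentials, the 30-minute lifetime and the `sameSite` setting are assumptions.

```javascript
// Added example, not code from the project. Helper names are hypothetical.
const { randomBytes } = require('node:crypto');

const SESSION_TTL_MS = 30 * 60 * 1000;   // assumed 30-minute lifetime
const sessions = new Map();              // SID -> { user, expires }

// Constructed credentials standing in for the mock backend's own check.
function checkCredentials(username, password) {
  return username === 'demo' && password === 'demo-password';
}

// 16 bytes from the OS CSPRNG = 128 bits of entropy, hex-encoded (32 chars).
function createSession(user) {
  const sid = randomBytes(16).toString('hex');
  sessions.set(sid, { user, expires: Date.now() + SESSION_TTL_MS });
  return sid;
}

// Only SIDs issued by createSession and not yet expired are accepted,
// so a hard-coded value is rejected.
function lookupSession(sid) {
  const session = sessions.get(sid);
  if (!session) return null;
  if (session.expires <= Date.now()) {
    sessions.delete(sid);
    return null;
  }
  return session;
}

// Express-style handler for /api/v2/auth/login.
function loginHandler(req, res) {
  const { username, password } = req.body || {};
  if (!checkCredentials(username, password)) {
    return res.sendStatus(401);          // no cookie on failed login
  }
  const sid = createSession(username);
  res.cookie('SID', sid, {
    httpOnly: true,                      // not readable from page scripts
    secure: true,                        // sent over HTTPS only
    sameSite: 'strict',                  // extra hardening, not from the issue
    maxAge: SESSION_TTL_MS,
  });
  return res.sendStatus(200);
}
```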