anish raj
Courses Plus Student 48 Points
Secure login using cookie
In my Node.js app I'm using the express-sessions module for the login system. I prefer a database for session ID storage rather than file system storage for some reason. My question is as follows.
When users log in (say A and B), I have to provide a cookie (A-1234 and B-5678) in encrypted form and redirect them to a page of my choice. Now when the user navigates to another page, I will retrieve the cookie (which is unique among all users), check for the corresponding user and show all their personal information. Here, when I copy the cookie of User A and paste it in another window of User B, what happens is not at all surprising: all personal information of User A is displayed to User B, which is unacceptable. But I tried with websites like amazon.com, gmail.com and teamtreehouse.com, and they are not displaying third-person information. How to do so? Thanks in advance.
1 Answer
Steven Parker
231,248 Points
Hi, I got your request.
But I'm not sure why accessing information by pasting the cookie is "unacceptable". It's only possible to paste the cookie because you already successfully logged in as the other user. So your access to the other user's information is legitimate.
I'm not familiar with how those other sites work, but it could be they use something other than or in addition to cookies such as server-side session data for access control.
anish raj
Courses Plus Student 48 Points
Thanks for your time, Steven Parker. I appreciate your answer.
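An added example, not part of the thread: a minimal server-side session scheme using only Node's built-in `crypto` module, showing that a session cookie acts as a bearer token (any valid copy is accepted as that user) and the usual controls around it: an unguessable signed ID, server-side expiry, revocation on logout, and `HttpOnly`/`Secure` cookie attributes. The `Map` stands in for the database session table, and every function and constant name is hypothetical.

```javascript
// Added example; every name here is hypothetical, not from the thread.
const { randomBytes, createHmac, timingSafeEqual } = require('crypto');

const SECRET = randomBytes(32);   // server-only signing key (assumed per-deployment)
const TTL_MS = 30 * 60 * 1000;    // idle timeout, an assumed value
const sessions = new Map();       // stands in for the database session table

const sign = (sid) => createHmac('sha256', SECRET).update(sid).digest('base64url');

// Login: mint an unguessable ID, keep the user mapping server-side only.
function login(userId, now = Date.now()) {
  const sid = randomBytes(32).toString('base64url');
  sessions.set(sid, { userId, expires: now + TTL_MS });
  return `${sid}.${sign(sid)}`;   // cookie value: opaque ID plus HMAC tag
}

// Every request: reject forged or guessed values, then consult the store.
function authenticate(cookie, now = Date.now()) {
  const [sid, mac] = String(cookie).split('.');
  if (!sid || !mac) return null;
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(sid));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const row = sessions.get(sid);
  if (!row || row.expires <= now) {
    sessions.delete(sid);         // expired or unknown: drop it
    return null;
  }
  row.expires = now + TTL_MS;     // sliding expiry on activity
  return row.userId;              // whoever presents a valid cookie is this user
}

// Logout: delete the row so any copy of the cookie stops working.
function logout(cookie) {
  return sessions.delete(String(cookie).split('.')[0]);
}

// Attributes that keep the value away from page scripts and plain HTTP.
function setCookieHeader(value) {
  return `sid=${value}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${TTL_MS / 1000}`;
}
```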