Skip to content

laniltee/double-submit-cookies-pattern

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Double Submit Cookies Pattern

This project demonstrates how to use CSRF Tokens and Session IDs to validate sessions and users using NodeJS.


Setup

Requirements

A recent version of NodeJS and NPM.

Running the App

Clone this repository Use master branch !

Steps:

  • Run npm install.
  • Navigate to double-submit-cookies-pattern directory and run node index.js.
  • The app runs on port 3001.
  • Open a web browser and navigate to http://localhost:3001/
  • User username root and password root to log in.

Description

Upon successful user login, the server generates a Session ID and a CSRF Token for the session. Session ID and CSRF token is set as browser cookies. When user submits the form, The server validates whether the Session ID and CSRF Token matches. When user logs out Session ID and CSRF Token are deleted from the server making them unusable.

Note:

  • Auto generated UUIDs are used for Session ID and CSRF Token.

About Project and Author

Project

I did this as an assignment for the subject Secure Software Development (SSD) when I was studying in the final semester of Software Engineering degree at Sri Lanka Institute of Information Technology (SLIIT).

About

How to develop Double Submit Cookies Pattern using NodeJS

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published