WebFund 2013F: Tutorial 5

From Soma-notes
Revision as of 04:58, 4 October 2013 by Soma (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In this tutorial you will examine session-demo, a simple node express application that demonstrates session support.

In this tutorial you should do the following:

  • Get session-demo in the same manner you got form-demo running.
  • Try logging in to the app using two different browsers (e.g., Firefox and Chrome). What happens when you logout from one browser - how does it affect the other?
  • The session state is stored in the browser. Can you figure out the user's username from this information?
  • What does the req.body and req.session look like just before a page gets rendered?

To get checked off, show a TA the following using the browser and server debugging tools covered in the last tutorial (or similar tools):

  • A session cookie sent by the browser
  • A session cookie stored on the server (persistently)

Questions to ponder:

  • Who can observe the cookie? Modify it?
  • How "persistent" are sessions on the server? The client?
  • How could you "hijack" a session? Does the difficulty of session hijacking relate to whether a login is password protected or not?
Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=WebFund_2013F:_Tutorial_5&oldid=18050"