Client SDK for session hijacking prevention
```bash
npm i anti-session-hijack
```
- On login, hash the auth token and store it in Redis with the user’s fingerprint
- On every request, recompute the fingerprint
- Compare the stored fingerprint with the received one
- If they differ → session hijack detected
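The login and per-request steps above, as an added CommonJS sketch (not this package's source code): it hashes the token, stores the fingerprint under that hash, and returns the result shape documented for `verifySession`. The fingerprint inputs, the `session:` key prefix, and the names `MemoryStore`, `demoAddSession` and `demoVerifySession` are assumptions made for the illustration.

```javascript
// Added illustration, not the package's source. Assumptions: the fingerprint
// inputs (User-Agent, Accept-Language, client IP), the "session:" key prefix,
// and MemoryStore, a stand-in for a client exposing redis.get / redis.set.
const { createHash, timingSafeEqual } = require("node:crypto");

// Used for both the token hash (raw token never reaches the store) and the fingerprint.
const sha256 = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Fingerprint = hash of request attributes that stay stable for one client.
function fingerprintOf(req) {
  const h = req.headers;
  return sha256([h["user-agent"] || "", h["accept-language"] || "", req.ip || ""].join("\n"));
}

class MemoryStore {
  constructor() { this.map = new Map(); }
  async get(key) { return this.map.has(key) ? this.map.get(key) : null; }
  async set(key, value) { this.map.set(key, value); return "OK"; }
}

async function demoAddSession(authTokenHash, fingerprint, store) {
  await store.set("session:" + authTokenHash, fingerprint);
}

async function demoVerifySession(authTokenHash, fingerprint, store) {
  const stored = await store.get("session:" + authTokenHash);
  if (stored === null) return { valid: false }; // unknown token: fail closed
  const a = Buffer.from(stored, "utf8");
  const b = Buffer.from(fingerprint, "utf8");
  // timingSafeEqual throws on unequal lengths, so check length first.
  const same = a.length === b.length && timingSafeEqual(a, b);
  return same ? { valid: true } : { valid: false, hijacked: true, receivedFingerprint: fingerprint };
}

// Constructed requests: the second replays the same token from another client.
const loginReq = { ip: "198.51.100.7", headers: { "user-agent": "Mozilla/5.0 (X11; Linux x86_64)", "accept-language": "en-US" } };
const replayReq = { ip: "203.0.113.9", headers: { "user-agent": "curl/8.5.0" } };

async function demo() {
  const store = new MemoryStore();
  const tokenHash = sha256("constructed-demo-token");
  await demoAddSession(tokenHash, fingerprintOf(loginReq), store);
  return {
    sameClient: await demoVerifySession(tokenHash, fingerprintOf(loginReq), store),
    otherClient: await demoVerifySession(tokenHash, fingerprintOf(replayReq), store),
    unknownToken: await demoVerifySession(sha256("never-issued"), fingerprintOf(loginReq), store),
  };
}

demo().then((r) => console.log(r));
```

Including the client IP in the fingerprint makes clients that roam between networks fail the check, so choose the inputs according to how many false alerts you can tolerate.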
`addSession(authTokenHash, fingerprint, redis)`
Stores a new session in Redis.
##### Example
```ts
import { addSession } from "anti-session-hijack";
await addSession(authTokenHash, fingerprint, redis);
```
`verifySession(authTokenHash, fingerprint, redis)`
Verifies if the session is valid or hijacked.
Returns
```ts
{
  valid: boolean;
  hijacked?: boolean;
  receivedFingerprint?: string;
}
```
##### Example
```ts
import { verifySession } from "anti-session-hijack";
const result = await verifySession(authTokenHash, fingerprint, redis);
```
`email(service, senderEmail, senderAppPassword, receiverEmail)`
Sends a session hijack alert email to the affected user.
```ts
import { email } from "anti-session-hijack";
await email(
  "gmail",                         // service
  process.env.EMAIL_ID!,           // senderEmail
  process.env.EMAIL_APP_PASSWORD!, // senderAppPassword
  userEmail                        // receiverEmail
);
```
##### Email Content Sent to User:
```text
Subject: "Security Alert: Session Hijacked",
Body:
Hello,
We detected suspicious activity on your account.
Your session appears to have been hijacked.
To protect your account, please:
1. Log out immediately
2. Log in again
3. Change your password if needed
If this was not you, take action as soon as possible to secure your account.
Stay safe,
Security Team
```
This email is intended to immediately alert the user and guide them to secure their account.
Redis Compatibility
This package works with any Redis client that supports:
```ts
redis.get(key)
redis.set(key, value)
```