express-session-fixation

Reset express-session session IDs to prevent against fixation attacks

Install

$ npm install --save express-session-fixation

Usage

``javascript
var fixation = require('express-session-fixation');

// Register with express
app.use(fixation(options));

app.use('/api/login', function(req, res, next) {
req.login();
req.resetSessionID().then(function() {
next();
});
});

`

API

$3

express-session-fixation accepts an optional options object that may include the following options

$3

Set this to true if you want the session ID to reset every time the user visits. Defaults to false`. It's good for security, but may result in longer response times. For this reason, it only resets the ID if the request is a non-AJAX request.