Enhancing Node.js Applications with Sessions and Cookies
Understand how to manage user sessions and cookies to build stateful applications in Node.js.
Rule Content
{
"title": "Enhancing Node.js Applications with Sessions and Cookies",
"description": "Understand how to manage user sessions and cookies to build stateful applications in Node.js.",
"category": "Node.js Cursor Rules",
"rules": [
{
"id": "nodejs-session-cookie-management",
"description": "Ensure secure and efficient management of user sessions and cookies in Node.js applications.",
"severity": "error",
"patterns": [
{
"pattern": "app.use\\(session\\(\\{[^}]*\\}\\)\\);",
"message": "Ensure that session middleware is configured with secure options, including 'secret', 'resave', 'saveUninitialized', and 'cookie' settings. Load 'secret' from configuration (e.g. an environment variable) rather than a string literal, and prefer 'saveUninitialized: false' so a session is only persisted once it actually holds data."
},
{
"pattern": "cookie:\\s*\\{[^}]*\\}",
"message": "Configure session cookies with 'secure', 'httpOnly', and 'sameSite' attributes to enhance security. 'secure' cookies are only sent over HTTPS, so the application must be served over TLS (or sit behind a TLS-terminating proxy that express-session is configured to trust) for the attribute to take effect."
},
{
"pattern": "res.cookie\\([^,]+,\\s*[^,]+,\\s*\\{[^}]*\\}\\);",
"message": "Set cookies with 'secure', 'httpOnly', and 'sameSite' attributes to prevent security vulnerabilities. 'httpOnly' keeps the value out of reach of page scripts, 'secure' restricts it to HTTPS, and 'sameSite' limits cross-site sending; all three are needed for a cookie that carries authentication state."
},
{
"pattern": "req.session.regenerate\\(function\\(err\\)\\s*\\{[^}]*\\}\\);",
"message": "Regenerate the session ID after authentication (and after any change in privilege level) to prevent session fixation attacks. Regeneration replaces the session, so re-apply any state that must survive login after the callback runs."
},
{
"pattern": "req.session.destroy\\(function\\(err\\)\\s*\\{[^}]*\\}\\);",
"message": "Destroy the server-side session upon user logout, and clear the session cookie on the client, so the old identifier can no longer be presented to regain access."
}
],
"examples": [
{
"code": "app.use(session({ secret: 'your-secret-key', resave: false, saveUninitialized: true, cookie: { secure: true, httpOnly: true, sameSite: 'strict' } }));",
"description": "Correct cookie attributes for the session middleware. For production, 'secret' should be loaded from configuration rather than a literal, and 'saveUninitialized: false' is usually preferred so that unauthenticated visitors do not get persisted sessions."
},
{
"code": "res.cookie('sessionId', 'abc123', { secure: true, httpOnly: true, sameSite: 'strict' });",
"description": "Correct: Secure cookie attributes. The session identifier itself should be generated by the session middleware rather than set by hand as in this example; the literal value here only illustrates the attribute set."
},
{
"code": "req.session.regenerate(function(err) { if (err) return next(err); // continue with request });",
"description": "Correct: Regenerating session ID after authentication. Note that when this example is kept on a single line, the trailing '// continue with request' comment must be removed or moved to its own line, otherwise it comments out the closing '});'."
},
{
"code": "req.session.destroy(function(err) { if (err) return next(err); // continue with request });",
"description": "Correct: Destroying session upon user logout. As with the regenerate example, the trailing '// continue with request' comment must not stay on the same line as the closing '});', or the call is left unterminated."
}
]
}
]
}