Session, Cookies and Authentication

Knoldus Inc.
Presented By: Aanchal Agarwal and Anirudh Singh Chauhan
Session Etiquettes
Lack of etiquette and manners is a huge turn off.
Punctuality: Respect Knolx session timings; you are requested not to join sessions after a 5 minute threshold past the session start time.
Feedback: Make sure to submit constructive feedback for all sessions, as it is very helpful for the presenter.
Silent Mode: Keep your mobile devices in silent mode; feel free to move out of the session in case you need to attend an urgent call.
Avoid Disturbance: Avoid unwanted chit-chat during the session.
Agenda
01 Overview
02 What are Cookies?
03 What is a Session?
04 What is Authentication?
05 CSRF Attacks
Overview
What are Cookies?
● Cookies are small pieces of data that the server sets (in a Set-Cookie response header), the browser stores on the client side, and the browser sends back to the server (in the Cookie request header) with every subsequent request to that site.
● Cookies have various uses: they can carry a session identifier and enable user-specific features in your web app.
Pros and Cons of Cookies
Pros
● Simple to use and implement: the browser stores them and sends them back automatically.
● Occupy little memory and need no server resources, since the data is stored on the client.
● Configurable: expiry (Max-Age/Expires), Domain, Path, Secure, HttpOnly and SameSite attributes.
● Persistent cookies last much longer than server-side session state and survive browser restarts.
● Domain-specific: the browser sends a cookie only to the domain (and path) it was scoped to.
Cons
● Not secure by default: the value is visible to the user, readable by page scripts unless HttpOnly is set, and sent in clear text over HTTP unless Secure is set. Anything you store in a cookie must be an opaque identifier or be signed so the client cannot tamper with it.
● Limited size (about 4 KB per cookie) and a limited number of cookies per domain.
● Can be disabled, refused or deleted by the user or by browser settings, so your code has to anticipate that possibility.
● Sent automatically with every request to the domain, including requests triggered from other sites, which is what makes CSRF possible.
Alternatives to Cookies
localStorage:-
● The browser's localStorage API stores key/value strings per origin, persists across browser restarts and, unlike a cookie, is never sent to the server automatically. Page scripts access it through methods such as length, setItem, getItem, removeItem and clear.
● node-localstorage is a drop-in substitute for the browser-native localStorage API that runs on Node.js. It is widely used when Node code wants the same methods, but it is server-side storage, not a replacement for browser cookies.
sessionStorage:-
● The sessionStorage API is useful when you need to store data temporarily in the browser, for the lifetime of one tab. Cookies used to be abused for this, but not all the data you want to store needs to be synced with the server.
● sessionStorage filled that gap, but we cannot expect this API to be available and enabled in every browser context.
● Caveat: anything in localStorage or sessionStorage is readable by any script running on the origin, so a single XSS bug leaks it, whereas a cookie marked HttpOnly is not readable from script. Keep session identifiers in HttpOnly cookies and use Web Storage for non-sensitive UI state.
What is a Session?
● A session keeps data about one user across requests and pages, stored on the server side. Web applications run over the HTTP protocol.
● HTTP is stateless, so the application does not know about the previous request or activity; the session solves this problem. The server keeps the state and gives the client only a random, unguessable session id, which the client sends back (normally in a cookie) on each request.
Different ways to store Session
You can store sessions in the following ways in an ExpressJS application. These are the common ways to store session data in any programming language.
● Cookie: You can store the session in the cookie itself, but then the data lives on the client side. It must be signed (and encrypted if it holds anything confidential) so the client cannot tamper with it, and it is bound by the cookie size limit.
● Memory Cache: You can also store session data in a cache. A cache lives in memory, so lookups are fast; you can use any cache module such as Redis or Memcached. Plain in-process memory is lost on restart and is not shared between servers.
● Database: The database is also an option to store session data server-side. It is durable but slower, so sessions are given an expiry and expired rows are cleaned up.
What is Authentication?
● Authentication is the process of verifying who a user is, for example by checking a password, so that access rights and content can then be granted based on that identity.
● It is an essential part of web development, and we cannot afford to neglect its security.
Flowchart for Authentication
[Flowchart: the User talks to the Server, which talks to the Database. "View Products" is open to anyone; "Place Order" and "Create & Manage" are only available to logged in users.]
How is Authentication implemented…
[Diagram: the User sends a Login Request to the Server. The Server stores in the Session (backed by the Database) the info that the user is authenticated, and the client stores the Session Id in a Cookie. When the user later requests a restricted resource, the cookie's session id is looked up in the Session and the Server answers 200.]
What is Authorisation and why do we need it?
● Authorization is granting an authenticated user permission to perform a given action on specific resources.
● Both authentication and authorization are required to deal with sensitive data assets. Without either of them, you are leaving data vulnerable to breaches and unauthorized access.
● Authentication and authorization go hand-in-hand: first establish who the user is, then check what that user is allowed to do.
Understanding Of CSRF Attacks
● CSRF stands for Cross-Site Request Forgery.
● CSRF is an attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
● It can happen because the browser sends a site's cookies with every request to that site, even when the request is triggered from a different site, so the server cannot tell a forged request from a genuine one by the session cookie alone.
[Diagram: User, FrontEnd [Views], Server, Session, Database and a Fake Site. The user's intended request from the real front end (e.g. sends money to B) and the request triggered by the Fake Site (e.g. sends money to C) both carry the same session Cookie, so the Server processes both against the Database.]
Prevention of CSRF
● Token-Based Mitigation
1. Synchronizer token pattern: the server generates an unpredictable token per session, embeds it in every state-changing form, and rejects requests whose token does not match the one stored for the session.
2. Encrypted Token Pattern (ETP): the token is an encrypted blob of user id, timestamp and nonce; the server decrypts and validates it on each request, so no per-session token has to be stored.
● SameSite cookie attribute (Lax or Strict): the browser then does not attach the session cookie to cross-site requests; use it as defence in depth alongside tokens.
● JWT authentication helps only when the token is sent in an Authorization header that the browser does not attach automatically; a JWT kept in a cookie is just as exposed to CSRF as a session id.
DEMO…Coming Soon
Thank You !