Enforce overriding default config
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: typescript-express/default-session-config
Language: TypeScript
Severity: Warning
Category: Security
CWE: 523
Description
Avoid leaving your session cookies open to exploits or unauthorized access, by overriding default values.
Setting the name
value to something generic is better than using the default value.
Learn More
Non-Compliant Code Examples
import session from "express-session"
app.use(
session({
secret: "secret"
})
)
Compliant Code Examples
import session from "express-session"
app.use(
session({
secret: "secret",
name: 'sessionId'
})
)
Seamless integrations. Try Datadog Code Analysis