Implement secure authentication sessions with HTTP cookies and Express-Session. Covers Redis storage, CSRF protection, JWT comparison, and remember-me tokens.
Tutorial series
Web Security
7 tutorials — follow in order for the best learning path.
- Authentication Sessions: Secure Login with Cookies and Express-Session
- Authentication Tokens and JWT: Secure Web App Authentication
Learn how authentication tokens and JSON Web Tokens (JWT) work in JavaScript apps. From token structure and signing to secure storage and common attacks.
- CSRF Protection: How to Stop Cross-Site Request Forgery
How CSRF protection stops cross-site request forgery in JavaScript apps with SameSite cookies, synchronizer tokens, double-submit cookies, and custom headers.
- Input Sanitization and Validation in JavaScript
Learn input sanitization and validation in JavaScript to prevent XSS, SQL injection, and command injection attacks in web applications.
- Content Security Policy (CSP) in JavaScript Applications
How to configure Content Security Policy headers to control which resources load on your page. Use directives, nonces, and hashes to stop XSS attacks.
- Subresource Integrity and Supply Chain
Learn how to protect your web applications from supply chain attacks using Subresource Integrity (SRI) hashes on external resources.
- Cross-Site Scripting (XSS) Prevention in JavaScript
Learn how XSS attacks work and how to prevent them in JavaScript. Covers stored, reflected, and DOM-based XSS with CSP, escaping, and safe DOM APIs.