// Fixture: express-session cookie configurations, each marked GOOD or BAD
// according to whether the session cookie keeps the HttpOnly attribute.
// HttpOnly keeps the cookie out of document.cookie, so script injected into
// the page cannot read the session identifier directly. It does not stop the
// browser from attaching the cookie to requests, so it limits the impact of
// XSS rather than replacing a fix for it.
//
// NOTE(review): `keys` is the option name cookie-session uses; express-session
// signs its cookie with `secret` - confirm before reusing this outside a
// static-analysis fixture. 'key1'/'key2' are placeholder values; real signing
// keys belong in secret storage, not in source.
const express = require('express');
const session = require('express-session');

const app = express();

// HttpOnly requested explicitly.
app.use(session({
  name: 'session',
  keys: ['key1', 'key2'],
  cookie: {
    httpOnly: true, // GOOD
  },
}));

// HttpOnly switched off: the session cookie becomes readable from page script.
app.use(session({
  name: 'session',
  keys: ['key1', 'key2'],
  cookie: {
    httpOnly: false, // BAD
  },
}));

// Only `secure` is set; httpOnly is left at its default.
app.use(session({
  name: 'session',
  keys: ['key1', 'key2'],
  cookie: {
    secure: true, // GOOD, httpOnly is true by default
  },
}));

// No `cookie` option at all, so every cookie attribute keeps its default.
app.use(session({ // GOOD, httpOnly is true by default
  name: 'session',
  keys: ['key1', 'key2'],
}));

// Renaming the cookie does not change what it carries: it is still the
// session cookie, so dropping HttpOnly is flagged regardless of the name.
app.use(session({
  name: 'mycookie',
  keys: ['key1', 'key2'],
  cookie: {
    httpOnly: false, // BAD, It is a session cookie, name doesn't matter
  },
}));