Day 40: Cookies and Sessions Again

Continued my web security studies. But I am getting to enjoy going through a video series on using PassportJS and all the topics surrounding the different strategies. I watched the first two videos in the PassportJS playlist and I am stoked! The content is great and the pacing is fair. I will probably have to go through this series at least twice to pull out most of the gems and add them to my notes.

The second video in the series started to go over HTTP Cookies and Sessions. It was very brief but it was a nice shock to the system. I have studied this stuff before but it didn’t stick.

Overall, the series covers a few different topics that surround the use of the PassportJS package. It was interesting to learn that all the strategies available on the site are not built by PassportJS but rather by other contributors. PassportJS, much like Express, is a framework that allows for middleware to be plugged in to work within the framework. I am still just scratching the surface, but the exposure process has just begun. I have 9 more videos to get through!

TL;DR

Okay, so here are the highlights of what I did:


Random (Unsorted) Notes

User Authentication Choices

This list of user authentication choices goes from least complex at 1. to most complex at 4.:

  1. Session
  2. JSON Web Token
  3. OAuth
    a. In-House
    b. SaaS
  4. Other / Ad-Hoc

HTTP is a stateless protocol. This means the server has no memory of what the user has done on the site across requests, e.g. that they already logged in to their account. Each request has to carry whatever the server needs to recognize the user, which is what cookies and sessions are for.

After logging in successfully to a website like Facebook or Twitter, the server sends a cookie back (using the Set-Cookie response header) to be stored by the browser. The browser then includes that cookie (in the Cookie request header) on every later request to that site, and the server uses it to look up the logged-in user. With a session, the cookie typically holds only a random session ID; the user data itself stays on the server.

The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.

Syntax
Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<number>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly

Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=None; Secure

// Multiple attributes are also possible, for example:
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly


Goal For Round 8 of the #100DaysofCode Challenge

This is my eighth round of the “#100daysofcode” challenge. I will be continuing my work from round five, six, and seven into round eight. I was working through the book “Cracking the Coding Interview” by Gayle Laakmann McDowell. My goal was to become more familiar with algorithms and data structures. This goal was derived from my goal to better understand operating systems and key programs that I use in the terminal regularly e.g. Git. This goal was in turn derived from my desire to better understand the fundamental tools used for coding outside of popular GUIs. This in turn was derived from my desire to be a better back-end developer.

I am currently putting a pause on the algorithm work to build some backend/full stack projects. I primarily want to improve my skills with the back-end from an implementation perspective. I have improved tremendously in terminal and CLI skills but I lost focus due to how abstract the algorithm concepts got. I wanted to work on things that were more tangible until I can get to a position where I could directly benefit from improving my algorithm skills and theoretical knowledge. So that’s the focus right now. Build my backend skills and prove my full stack capabilities by building some dope projects.

Again, I still have no idea if my path is correct but I am walking down this road anyways. Worst case scenario I learn a whole bunch of stuff that will help me out on my own personal projects. Best case scenario I actually become one of those unicorn developers that go on to start a billion dollar company… You never know LOL.