-2

I ran a console.log(req); to see what was there and found that the data from the DB is shown together with the session data.

sessionStore: MySQLStore {
    . . .
    options: {
      host: 'localhost',
      user: 'root',
      password: '1324',
      database: 'dbso',
      endConnectionOnClose: true,
      clearExpired: true,
      checkExpirationInterval: 900000,
      expiration: 86400000,
      createDatabaseTable: true,
      connectionLimit: 1,
      charset: 'utf8mb4_bin',
      schema: [Object]
    }, . . .

I am working with express-mysql-session and express-session.

app.use(session({
    secret: "sss",
    resave: false,
    saveUninitialized: false,
    store: new mySQLStore({ /*Database info*/ })
}));

My concern and doubt is how much I should worry about this, and if I should worry about it, how can I solve it?

Our site uses cookies to store user sessions.

The summary of my doubt is, can the req become viewable/obtainable from the user side?

3 Answers

0

It looks like you are calling console.log from the Node process. Unless you are doing something very strange (e.g. sending this req object back to the client via, say, HTTP), this will not be visible from the client side.

Anmol Gautam
0

If it makes you feel better, that has been there for 8 years in express-session, see this, it's completely intentional, and nobody has complained.

I think it's only added to the req that you receive, but the client side has no access to it.

0

The summary of my doubt is, can the req become viewable/obtainable from the user side?

No.

The request object is used to pass data between middleware and end point handlers. It is only visible on the server.

Quentin
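An added example, not part of any answer above and not express-session's own code: since req only reaches the client if a handler sends it back, this sketch builds the response from an explicit allowlist and checks a payload for sensitive keys before it is sent. The `fakeReq` object (constructed from the dump in the question), the function names and the key pattern are assumptions made for illustration.

```javascript
// Constructed stand-in for the server-side req object from the question
// (store options copied from the console.log dump; runs without Express).
const fakeReq = {
  method: 'GET',
  url: '/profile',
  session: { userId: 42 },
  sessionStore: {
    options: { host: 'localhost', user: 'root', password: '1324', database: 'dbso' },
  },
};
fakeReq.res = { req: fakeReq }; // real req/res objects reference each other too

// Hypothetical pattern for key names that should never leave the server.
const SENSITIVE_KEY = /pass(word)?|secret|token|key/i;

// Walk an object graph (cycle-safe) and return dotted paths of sensitive-looking keys.
function findSensitivePaths(value, path = '', seen = new WeakSet(), hits = []) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return hits;
  seen.add(value);
  for (const [k, v] of Object.entries(value)) {
    const p = path ? `${path}.${k}` : k;
    if (SENSITIVE_KEY.test(k)) hits.push(p);
    findSensitivePaths(v, p, seen, hits);
  }
  return hits;
}

// Build the response body from an allowlist instead of passing req through.
function safeView(req) {
  return { method: req.method, url: req.url, userId: req.session.userId };
}

// Guard to call before res.json(): refuse payloads that carry sensitive keys.
function assertSafePayload(payload) {
  const hits = findSensitivePaths(payload);
  if (hits.length) throw new Error(`refusing to send: ${hits.join(', ')}`);
  return payload;
}

console.log(findSensitivePaths(fakeReq));          // paths found on the raw req
console.log(assertSafePayload(safeView(fakeReq))); // allowlisted body passes the guard
```

In an Express handler the guard would wrap the body passed to `res.json()`, so a handler that forwards `req` or the store object by mistake fails loudly on the server instead of answering the client.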