
Session-based auth with express-session - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What happens after a successful login with express-session?
Consider this Express route using express-session for login:
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (username === 'user' && password === 'pass') {
    req.session.user = username;
    res.send('Logged in');
  } else {
    res.status(401).send('Unauthorized');
  }
});

What will be stored in the session after a successful login?
A. Nothing is saved in the session; session remains empty.
B. An object { username: 'user', password: 'pass' } is saved in req.session.user.
C. The username string 'user' is saved in req.session.user.
D. The password string 'pass' is saved in req.session.password.
💡 Hint
Look at what property of req.session is assigned after login.
state_output
intermediate
What is the session state after logout?
Given this logout route:
app.post('/logout', (req, res) => {
  req.session.destroy(err => {
    if (err) {
      return res.status(500).send('Error');
    }
    res.send('Logged out');
  });
});

What is the state of req.session after logout completes successfully?
A. req.session is undefined or null after destroy.
B. req.session still contains previous user data.
C. req.session is an empty object {}.
D. req.session contains a flag loggedOut: true.
💡 Hint
What does req.session.destroy() do to the session?
📝 Syntax
advanced
Which code correctly configures express-session middleware?
Choose the correct way to set up express-session middleware with a secret and resave option:
A. app.use(session({ secret: 'mysecret', resave: false, saveUninitialized: true }));
B. app.use(session({ secret: 'mysecret', resave: false, saveUninitialized }));
C. app.use(session({ secret: 'mysecret', resave: 'false', saveUninitialized: true }));
D. app.use(session = { secret: 'mysecret', resave: false, saveUninitialized: true });
💡 Hint
Check the syntax for calling middleware and option types.
🔧 Debug
advanced
Why does session data not persist between requests?
A developer uses express-session but notices session data resets on every request. Which mistake causes this?
app.use(session({
  secret: 'secret',
  resave: false,
  saveUninitialized: false
}));

app.get('/set', (req, res) => {
  req.session.value = 42;
  res.send('Value set');
});

app.get('/get', (req, res) => {
  res.send('Value: ' + req.session.value);
});
A. saveUninitialized is false, so session never created.
B. resave is false, so session never saves changes.
C. The app is missing cookie-parser middleware before session.
D. The client does not accept cookies, so session ID is lost.
💡 Hint
Think about how sessions track users across requests.
🧠 Conceptual
expert
What is the main security risk if express-session secret is exposed?
If the secret used in express-session middleware is leaked, what is the biggest risk?
A. Attackers can read all session data stored on the server.
B. Attackers can forge session cookies and impersonate users.
C. Attackers can delete sessions from the session store remotely.
D. Attackers can cause the server to crash by sending malformed cookies.
💡 Hint
Think about what the secret is used for in cookie signing.