NestJS framework, ~20 mins

Session-based authentication in NestJS - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What happens when a user logs in with session-based authentication in NestJS?

Consider a NestJS app using session-based authentication. When a user logs in successfully, what is stored in the session?

A. The user's ID or identifying info is saved in the session cookie on the client.
B. A session ID is saved in the cookie, and user data is stored server-side linked to that ID.
C. The entire user object is saved in the session cookie on the client.
D. No data is saved; the server just remembers the login temporarily.
💡 Hint

Think about what data should stay private and where it is safest to store it.

📝 Syntax
intermediate
Which NestJS code snippet correctly sets up session middleware for authentication?

Choose the correct way to configure session middleware in a NestJS app using express-session.

A. app.use(session({ secret: 'secretKey', resave: false, saveUninitialized: false }));
B. app.use(session({ secret: 'secretKey', resave: true, saveUninitialized: true }));
C. app.use(session({ secret: 'secretKey' }));
D. app.use(session({ resave: false, saveUninitialized: false }));
💡 Hint

Look for the option that includes all required properties with recommended values.

🔧 Debug
advanced
Why does the session not persist after login in this NestJS code?

Given this NestJS controller snippet, the session does not persist after login. What is the likely cause?

async login(@Req() req) {
  req.session.user = { id: 1, name: 'Alice' };
  return 'Logged in';
}

A. The session middleware is not applied before the controller runs.
B. The user object is not serializable and causes an error.
C. The session cookie is missing the HttpOnly flag.
D. The controller method should return the session object.
💡 Hint

Think about middleware order and when sessions become available.

state_output
advanced
What is the value of req.session.user after logout in this NestJS example?

In this logout method, what will be the value of req.session.user after calling req.session.destroy()?

async logout(@Req() req) {
  req.session.destroy(err => {
    if (err) throw err;
  });
  return 'Logged out';
}

A. It will throw an error when accessed.
B. It will still hold the user object until the server restarts.
C. It will be null but still accessible.
D. It will be undefined because the session is destroyed.
💡 Hint

Consider what happens to session data after destroy is called.

🧠 Conceptual
expert
Why is session-based authentication considered stateful compared to token-based?

Choose the best explanation why session-based authentication is stateful while token-based is stateless.

A. Session-based uses cookies, token-based uses local storage, so tokens are stateless.
B. Session-based requires HTTPS, token-based does not, making tokens stateless.
C. Session-based stores user state on the server, requiring server memory; token-based stores all info in the token, no server memory needed.
D. Session-based uses encryption, token-based uses hashing, so tokens are stateless.
💡 Hint

Think about where user login info is stored and how the server tracks sessions.