
Session-based authentication in NestJS - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is session-based authentication?
Session-based authentication is a method where the server creates a session for a user after login and stores session data. The client keeps a session ID cookie to identify the session on future requests.
intermediate
How does NestJS handle sessions for authentication?
NestJS uses middleware like express-session to create and manage sessions. After login, session data is saved on the server, and a session cookie is sent to the client to maintain login state.
beginner
What role does the cookie play in session-based authentication?
The cookie stores the session ID on the client side. It is sent automatically with each request to the server, allowing the server to find the matching session and verify the user's identity.
intermediate
Why is it important to set 'httpOnly' and 'secure' flags on session cookies?
Setting 'httpOnly' prevents JavaScript access to cookies, reducing cross-site scripting risks. 'Secure' ensures cookies are sent only over HTTPS, protecting session data from being intercepted.
intermediate
How do you protect routes in NestJS to allow only authenticated users with sessions?
You use guards such as an AuthGuard that check whether a session exists and is valid before allowing access. If no valid session is found, the guard blocks the request or redirects to login.
In session-based authentication, where is the session data stored?
A. On the server
B. In the client's local storage
C. Inside the cookie itself
D. In the URL parameters

Which NestJS middleware is commonly used to manage sessions?
A. cors
B. body-parser
C. helmet
D. express-session

What does the 'httpOnly' flag on a cookie do?
A. Prevents JavaScript from accessing the cookie
B. Makes the cookie accessible only on HTTP, not HTTPS
C. Allows the cookie to be shared across domains
D. Encrypts the cookie content

How does the server identify a user in session-based authentication?
A. By decoding a JWT token
B. By checking the user's IP address
C. By reading the session ID from the cookie sent by the client
D. By reading user credentials from the request body

What happens if a user tries to access a protected route without a valid session in NestJS?
A. The user is granted access anyway
B. The request is blocked or redirected to login
C. The server creates a new session automatically
D. The server returns a 500 error
Explain how session-based authentication works in NestJS from login to accessing protected routes.
Think about what happens step-by-step when a user logs in and then visits a page that needs login.
Describe the security best practices for session cookies in NestJS applications.
Focus on cookie flags and how they protect user sessions.