Complete the code to create a session in Express using the express-session middleware.
app.use(session({ secret: '[1]', resave: false, saveUninitialized: true }));The secret option in express-session is a string used to sign the session ID cookie. It should be a secret key like 'mySecretKey'.
Complete the code to send a JWT token after user login.
const token = jwt.[1]({ id: user.id }, 'secretKey', { expiresIn: '1h' });
The sign method creates a new JWT token with the given payload and secret.
Fix the error in the middleware that checks for a JWT token in the Authorization header.
const token = req.headers.authorization?.split(' ')[[1]];
The Authorization header usually has the format 'Bearer token', so splitting by space gives ['Bearer', 'token']. The token is at index 1.
Fill both blanks to create a middleware that destroys the session and clears the cookie on logout.
req.session.[1](() => { res.[2]('sessionCookie'); res.send('Logged out'); });
The destroy method removes the session from the store. clearCookie removes the cookie from the browser.
Fill all three blanks to create a token-based auth middleware that verifies the JWT token and attaches user info to the request.
const token = req.headers.authorization?.split(' ')[[1]]; try { const decoded = jwt.[2](token, '[3]'); req.user = decoded; next(); } catch (err) { res.status(401).send('Unauthorized'); }
The token is at index 1 after splitting the Authorization header. The verify method checks the token with the secret key 'secretKey'.