You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using this package to identify the users by storing a userId in the cookies. So if someone tries to set random userIds as cookie data in their browser, will they be able to convince my server that they are a user while they actually are not?
Does this package have some sort of mechanism for dealing with this kind of risk?
The text was updated successfully, but these errors were encountered:
As long as you didn't set signed to false, then the user cannot change the contents without knowing the secret/keys information. That is the protection mechanism thia module provides against tampering.
I'm using this package to identify the users by storing a
userId
in the cookies. So if someone tries to set randomuserId
s as cookie data in their browser, will they be able to convince my server that they are a user while they actually are not?Does this package have some sort of mechanism for dealing with this kind of risk?
The text was updated successfully, but these errors were encountered: