Where are Sessions Stored? Hijacking Users?
Fullstack Social iOS NodeJS REST
Before we move on to creating custom login forms for our application, I'd like to take a moment to explain where sessions are stored in the browser. In Chrome, you can open the developer tools with the CMD + OPTION + J shortcut. You can then inspect the cookies to find your session ID under the localhost area. If you're not careful with it, anyone who obtains a user's session ID can hijack that user's session.
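
The cookie shown in the developer tools is the entire credential for the session, so the attributes the server sets on it decide how easily the ID leaks. As an added example (not code from this course or from Sails), the Node.js functions below audit a `Set-Cookie` header for those attributes; the cookie name `sails.sid`, the finding codes and the header values are constructed for illustration.

```javascript
// Added example: audit a session cookie's Set-Cookie header.
// The cookie name "sails.sid" and all header values are constructed samples.

// Split a Set-Cookie header into its name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error('malformed Set-Cookie header');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    // Flag attributes (HttpOnly, Secure) carry no value; store them as true.
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return codes for the missing protections that make a session ID easier to steal.
// Pass { https: false } for a plain-HTTP localhost setup, where Secure cannot apply.
function auditSessionCookie(header, { https = true } = {}) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('no-httponly'); // readable via document.cookie
  if (https && !attrs.secure) findings.push('no-secure'); // also sent over plain HTTP
  const sameSite =
    typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  if (!sameSite) {
    findings.push('no-samesite'); // cross-site behaviour left to the browser default
  } else if (sameSite === 'none' && !attrs.secure) {
    findings.push('samesite-none-without-secure'); // browsers reject this combination
  }
  return findings;
}

// Constructed sample headers.
const weak = 'sails.sid=s%3AEXAMPLE-ID.EXAMPLE-SIG; Path=/';
const hardened =
  'sails.sid=s%3AEXAMPLE-ID.EXAMPLE-SIG; Path=/; HttpOnly; Secure; SameSite=Lax';

console.log(auditSessionCookie(weak));
console.log(auditSessionCookie(hardened));
```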

Comments (3)
MaxApp
4 years ago
Hello Brian, I hope you are doing well. A quick question: can someone just brute force the sessions? Thanks
Brian Voong
4 years ago
AmirHossein
3 years ago
Hi Brian, I have questions about Sails authentication. Many web applications in the world are using JWT, OAuth, etc. for user authentication, so why does Sails use sessions? Do you prefer sessions rather than JWT or OAuth? Thanks
Brian Voong
3 years ago
Danny S
3 years ago
Hi Brian, can you please explain how to store sessions in Redis?