**Sven Slootweg** @joepie91@pixie.town · 2025-05-17T15:42:39Z

Sven Slootweg @joepie91@pixie.town

"Simple session middleware for Koa. Defaults to cookie-based sessions and supports external stores. [...] The session is stored in a cookie by default, but it has some disadvantages: Session is stored on client side unencrypted [...]"

😬

May 17, 2025, 15:42 · · Web · · ·

**Sven Slootweg** @joepie91@pixie.town · May 17, 2025, 15:44

**Sven Slootweg** @joepie91@pixie.town · May 17, 2025, 15:44

May 17, 2025, 15:44

Sven Slootweg @joepie91@pixie.town

Anyone up for a bet on how many Koa applications are unknowingly running with this default configuration being used for authenticating users?

**marlies** @marlies@tacobelllabs.net · May 17, 2025, 17:25

**marlies** @marlies@tacobelllabs.net · May 17, 2025, 17:25

May 17, 2025, 17:25

marlies @marlies@tacobelllabs.net

@joepie91 I thought we as an industry learned the lesson of insecure defaults being bad a long time ago 😭

**starfire shimmers (they/them)** @starfire@corteximplant.com · May 18, 2025, 04:03

**starfire shimmers (they/them)** @starfire@corteximplant.com · May 18, 2025, 04:03

May 18, 2025, 04:03

starfire shimmers (they/them) @starfire@corteximplant.com

@joepie91 *longest sigh*

Resources

Developers

What is Mastodon?

pixie.town

More…