"Simple session middleware for Koa. Defaults to cookie-based sessions and supports external stores. [...] The session is stored in a cookie by default, but it has some disadvantages: Session is stored on client side unencrypted [...]"
😬
Anyone up for a bet on how many Koa applications are unknowingly running with this default configuration being used for authenticating users?
@joepie91 I thought we as an industry learned the lesson of insecure defaults being bad a long time ago 😭
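An added example, not part of the thread or of the koa-session project: it contrasts a plain base64-of-JSON cookie body (assumed here to match koa-session's default encoding) with an AES-256-GCM codec that could be supplied through koa-session's `encode`/`decode` options. The function names, the sample session and the key handling are constructed for illustration.

```javascript
const crypto = require('crypto');

// Assumed default-style encoding: base64 of the JSON session.
// Anyone holding the cookie can read it; a signature only detects changes.
function defaultEncode(session) {
  return Buffer.from(JSON.stringify(session)).toString('base64');
}
function defaultDecode(value) {
  return JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
}

// Hypothetical helper: build encode/decode functions that encrypt the
// session with AES-256-GCM. Cookie layout: iv (12) | tag (16) | ciphertext.
function makeEncryptedCodec(key) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new Error('key must be a 32-byte Buffer');
  }
  return {
    encode(session) {
      const iv = crypto.randomBytes(12); // fresh nonce per cookie
      const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
      const ct = Buffer.concat([
        cipher.update(JSON.stringify(session), 'utf8'),
        cipher.final(),
      ]);
      return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
    },
    decode(value) {
      const raw = Buffer.from(value, 'base64');
      if (raw.length < 28) throw new Error('cookie too short');
      const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
      decipher.setAuthTag(raw.subarray(12, 28));
      // final() throws if the cookie was modified or the key is wrong.
      const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
      return JSON.parse(pt.toString('utf8'));
    },
  };
}

// Constructed sample session and a throwaway key (load a real key from secret storage).
const sampleSession = { userId: 42, role: 'admin' };
const codec = makeEncryptedCodec(crypto.randomBytes(32));
console.log('readable without any key:', defaultDecode(defaultEncode(sampleSession)));
console.log('encrypted cookie value:', codec.encode(sampleSession));
```

With koa-session the two functions would be passed as the `encode` and `decode` options; the alternative the quoted README mentions is an external store, which keeps only a session ID in the cookie.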