I ran a console.log(req); to see what was there and found that the data from the DB is shown together with the session data:
    sessionStore: MySQLStore {
      . . .
      options: {
        host: 'localhost',
        user: 'root',
        password: '1324',
        database: 'dbso',
        endConnectionOnClose: true,
        clearExpired: true,
        checkExpirationInterval: 900000,
        expiration: 86400000,
        createDatabaseTable: true,
        connectionLimit: 1,
        charset: 'utf8mb4_bin',
        schema: [Object]
      }, . . .
I am working with express-mysql-session and express-session:
    app.use(session({
      secret: "sss",
      resave: false,
      saveUninitialized: false,
      store: new mySQLStore({ /*Database info*/ })
    }));
My concern and doubt is how much I should worry about this, and if I should worry about it, how can I solve it?
Our site uses cookies to store user sessions.
The summary of my doubt is, can the req become viewable/obtainable from the user side?
No.
The request object is used to pass data between middleware and end point handlers. It is only visible on the server.
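Since the dump from console.log(req) does end up in server-side logs, the following added example (not code from the question or the answer) logs a redacted copy of the request instead. The key pattern, depth limit, helper names and sample request are assumptions made for this illustration.

```javascript
// Added example: build a redacted, JSON-safe copy of an Express-style request.
// Assumption: keys matching this pattern hold secrets or session identifiers.
const SENSITIVE_KEY = /password|passwd|secret|token|cookie|authorization|sessionid/i;
const MAX_DEPTH = 6; // assumption: deep enough for req.sessionStore.options

function redact(value, depth = 0, ancestors = new Set()) {
  if (typeof value === "function") return "[Function]";
  if (value === null || typeof value !== "object") return value;
  if (ancestors.has(value)) return "[Circular]"; // e.g. req.res.req
  if (depth >= MAX_DEPTH) return "[Truncated]";
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((item) => redact(item, depth + 1, ancestors));
  } else {
    out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key)
        ? "[REDACTED]"
        : redact(inner, depth + 1, ancestors);
    }
  }
  ancestors.delete(value); // only objects on the current path count as circular
  return out;
}

// Constructed sample shaped like the dump in the question; all values are placeholders.
function sampleRequest() {
  const req = {
    method: "GET",
    url: "/profile",
    headers: { host: "localhost:3000", cookie: "connect.sid=constructed-value" },
    sessionID: "constructed-session-id",
    session: { userId: 7, cookie: { maxAge: 86400000 } },
    sessionStore: {
      options: { host: "localhost", user: "root",
                 password: "constructed-db-password", database: "dbso" },
    },
  };
  req.res = { req }; // Express links req and res to each other
  return req;
}

function safeLogLine(req) {
  return JSON.stringify(redact(req));
}

console.log(safeLogLine(sampleRequest()));
```
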