Express JS Assignment 5

Basic Questions

  1. Create a route /session-demo that initializes a session with a key username and logs it to prove what a session is.
  2. Install and configure express-session in a basic Express app.
  3. Store a value (e.g., username) in a session and retrieve it later.
  4. Build two routes: /session-set that saves a session value and /cookie-set that saves a cookie, then compare persistence in browser DevTools.
  5. Set a cookie named theme with value “dark” using res.cookie().
  6. Read a cookie from the request using req.cookies.
  7. Delete a cookie using res.clearCookie().
  8. Create a route /http-only that sets an httpOnly cookie so it’s not accessible via document.cookie.
  9. Create a route /secure-cookie that sets a secure cookie which only works over HTTPS.
  10. Create a route /samesite-cookie that sets a cookie with sameSite: 'strict'.
  11. Create a route that sets a cookie with an expiry time of 1 hour.
  12. Create /session-cookie (expires when browser closes) and /persistent-cookie (expires after 1 day) to show their difference.
  13. Demonstrate how to destroy a session in Express.
  14. Log the auto-generated session ID of a user inside /session-id.
  15. Use cookies + sessions to remember a user’s theme preference (dark or light).
  16. Write a middleware that checks if a session exists before accessing /dashboard.
  17. Create a route /sensitive that tries to store a password in a cookie, then explain (via console.log) how this exposes the data to the client.
  18. Create a route /remember-me that sets a cookie for persistent login.
  19. Create a small front-end page and a backend route: store a token once in localStorage and once in a cookie, then print the accessibility differences in DevTools.
  20. Store a temporary cartId in local storage (frontend + backend logic example).

Intermediate Questions

  1. Configure session cookies with httpOnly and secure flags.
  2. Use connect-mongo to store sessions in MongoDB instead of memory.
  3. Create a login system that uses sessions to keep users logged in.
  4. Implement logout functionality by destroying the session.
  5. Add session expiry of 15 minutes after login.
  6. Implement a “Remember Me” feature using cookies for persistent login.
  7. Write middleware to refresh session expiry on each request (sliding session).
  8. Demonstrate how to share session data across multiple routes.
  9. Create /cookie-token, which saves an auth token in an httpOnly cookie, and /localstorage-token, which saves it in localStorage, then test accessibility in the browser console.
  10. Store a JWT token inside an httpOnly cookie.
  11. Create two routes: /cookie-strict that sets a sameSite: 'strict' cookie and /cookie-lax that sets a sameSite: 'lax' cookie, then test cross-site requests.
  12. Create a middleware to log all cookies received in a request.
  13. Implement cookie-based theme switching (dark/light) and persist it.
  14. Add CSRF protection by checking custom tokens stored in cookies.
  15. Demonstrate how to handle session data securely in production.
  16. Store shopping cart items in session and retrieve them across routes.
  17. Implement a multi-step form using sessions to remember user input.
  18. Create a demo where an injected script reads sensitive data from localStorage, proving the XSS risk, while a cookie with the httpOnly flag resists this.
  19. Write code that combines session + cookies for persistent login.
  20. Build a login route where user credentials are stored in a DB but a session is used for state.

Advanced Questions

  1. Build a complete login + logout + persistent session system using express-session + cookies.
  2. Store sessions in Redis for scalability and integrate with Express.
  3. Implement secure cookie handling with httpOnly, secure, sameSite=strict in production mode.
  4. Create middleware that automatically logs out users if the session has expired or been tampered with.
  5. Design a persistent login system with session rotation to prevent fixation attacks.
  6. Implement CSRF protection using cookies + tokens in Express.
  7. Build a shopping cart system where cart data persists across sessions using DB + cookies.
  8. Combine JWT + cookies + sessions for hybrid authentication.
  9. Securely integrate local storage with backend by encrypting sensitive data.
  10. Create a mini project:
    • Login/Logout
    • Session-based persistence
    • Cookie-based “Remember Me”
    • Local storage for temporary cart
    • Security best practices (httpOnly, sameSite, CSRF)