CST336 - Week 7

  • Writer: YZ
  • Dec 9, 2020

Updated: Dec 14, 2020


This week we learned about authentication and sessions. First, we were instructed to read the article "Why You Should Use Bcrypt to Hash Passwords". The article explained that regular password hashing, such as using a one-way hash or even randomly 'salting' passwords, does not keep passwords as secure as they should be. To strengthen password hashing and ensure data security, bcrypt should be applied, which uses a Key Factor to adjust the hashing cost. Next, we read about Express sessions. To store user state, each user can be assigned a unique session using express-session. Then, the session data can be stored in memory, a database, or a memory cache to be accessed later.


Next, I followed the given tutorial to create an application that lets users log in and out of their "account". The tutorial instructs us to create a login page with a space to enter a username and password. We use the POST method so that the sensitive information will not be displayed in the URL. Next, we used bcrypt to hash the password so that it will be more secure. We were able to restrict users who are not logged in from seeing certain web pages, such as a page displaying account information. Users are also able to log out and destroy the current session. Usernames and passwords can be stored in a database table and accessed through an SQL connection. This lab really gave a clear overview of how to implement user sessions.
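The login, page-restriction and logout flow described above, as an added example (not the tutorial's code). It assumes only Node.js built-ins: scrypt stands in for bcrypt as the adjustable-cost hash, a Map stands in for the express-session store and the database table, and all function names and the sample user are hypothetical.

```javascript
// Added example: scrypt replaces bcrypt, Maps replace express-session and the DB.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

const COST = 2 ** 14;        // work factor: raising it makes every guess slower
const users = new Map();     // username -> { salt, hash, cost }
const sessions = new Map();  // session id -> { username }

// A fresh random salt per password means equal passwords get different hashes.
function hashPassword(password, salt = randomBytes(16), cost = COST) {
  return { salt, cost, hash: scryptSync(password, salt, 32, { N: cost }) };
}

// Record hashed for unknown usernames so they cost the same time as real ones.
const DUMMY = hashPassword('placeholder');

function register(username, password) {
  users.set(username, hashPassword(password));
}

// Returns a new session id on success, null on any failure.
function login(username, password) {
  const rec = users.get(username);
  const ref = rec || DUMMY;
  const attempt = scryptSync(password, ref.salt, 32, { N: ref.cost });
  const match = timingSafeEqual(attempt, ref.hash); // constant-time compare
  if (!rec || !match) return null;
  const sid = randomBytes(32).toString('hex');      // unguessable, sent as a cookie
  sessions.set(sid, { username });
  return sid;
}

// Gate for a protected page such as the account page.
function accountPage(sid) {
  const session = sessions.get(sid);
  return session ? `Account: ${session.username}` : 'redirect:/login';
}

// Destroying the session makes the old id useless even if it was copied.
function logout(sid) {
  return sessions.delete(sid);
}

register('alice', 'correct horse'); // constructed sample user
```
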
