Tutorial

Tutorial 1 - Authentication with ExpressJS

7 steps

A big part of platform security is authentication. Authentication is the series of steps that lets registered users use the application and prevents unwanted access to the platform. To do that, we first need to be able to tell registered users from unregistered ones.
To set authentication up, we first issue a cookie to each registered user. A cookie is a small piece of data exchanged in requests and responses between the server and the client. It stores a small amount of information, enough to let us distinguish registered users from non-registered ones. If a user has an account with us, upon login, the server will authenticate the user by issuing a cookie containing critical information about the user. On the client's end, the cookie is then attached to every subsequent request made to the server. Once the server has received the valid cookie, it knows that the user has already been authenticated, because they hold a cookie that was issued by the server.
You might be wondering what happens if an attacker simply attaches a random cookie to a malicious request. Can they gain access to the resources held within the server? No, because every cookie that is sent to the client contains a cookie signature alongside the user information. The server uses the cookie signature to determine whether the cookie was issued by the server.
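The signature check described above, as an added example that is not part of the original tutorial: a minimal HS256 JSON Web Token issued and verified with Node's built-in crypto module. The secret, claim names and sample tokens are constructed for illustration, and the tutorial's own code may use a JWT library instead.

```javascript
// Added example: minimal HS256 JSON Web Token for a session cookie (Node.js built-ins only).
const crypto = require("node:crypto");

// Assumption: a real app loads the secret from configuration, never from source code.
const SECRET = "constructed-demo-secret-not-for-production";

const b64url = (input) => Buffer.from(input).toString("base64url");

function hmac(data, secret) {
  return crypto.createHmac("sha256", secret).update(data).digest("base64url");
}

// Build header.payload.signature, the value the server would place in the cookie.
function issueToken(claims, secret = SECRET) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Return the claims if the signature was produced with our secret, otherwise null.
function verifyToken(token, secret = SECRET, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = Buffer.from(hmac(`${header}.${payload}`, secret));
  const supplied = Buffer.from(signature);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (supplied.length !== expected.length || !crypto.timingSafeEqual(supplied, expected)) return null;
  try {
    // Accept only the algorithm we issue; the header must not choose it for us.
    if (JSON.parse(Buffer.from(header, "base64url").toString()).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    if (typeof claims.exp === "number" && claims.exp <= nowSeconds) return null;
    return claims;
  } catch {
    return null; // header or payload was not valid JSON
  }
}

// Constructed sample tokens: one genuine, one with an edited payload, one signed with the wrong key.
const issued = issueToken({ sub: "user-42", exp: 2000000000 });
const [h, , s] = issued.split(".");
const tampered = `${h}.${b64url(JSON.stringify({ sub: "admin", exp: 2000000000 }))}.${s}`;
const forged = issueToken({ sub: "user-42", exp: 2000000000 }, "attacker-guess");
```

Only `issued` verifies. Editing the payload or signing with a different key changes the expected HMAC, so the server rejects the cookie without looking the user up.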
Ultimately, authentication answers one basic question: Who has access to this platform? Without further ado, let us dive straight into Authentication with ExpressJS.

Learning Outcomes

You will be able to

  • Learn how to read source code
  • Issue a cookie to the client browser
  • Use JSON Web Token to create a valid cookie signature
  • Verify and validate a cookie
  • Protect server routes that contain sensitive information
  • Create a simple application that allows the user to register, login and update their particulars.

Tutorial Steps

Total steps: 7

  • Step 1: Overview Of This Tutorial
  • Step 2: Prerequisites for Local Development
  • Step 3: Prerequisites for Cloud Environments for Development
  • Step 4: Demo Video
  • Step 5: What Even Is Authentication?
  • Step 6: How Does Authentication Work?
  • Step 7: Stacking It Up
