I was recently testing for session-related issues like privilege escalation in a web app using nodejs express. It's my first time testing a nodejs app. The situation is like this: the site has 3 user roles, admin, manager and user, and all three have the same value for connect.sid, and that's the only cookie present after auth.
I am confused about how nodejs is handling the session and how it's differentiating that this is an admin and he is a manager and stuff like that?
Can someone having experience in nodejs web programming throw some light on this?