Critiq Docs
Get started
security.authentication

Override Express session defaults

Express session middleware should not rely on default session naming and configuration.

#Metadata

Rule ID
ts.security.express-default-session-config
Severity
medium
Confidence
0.88
Languages
javascript, typescript
Presets
security, strict
Stability
stable
Applies to
block
Tags
authentication, express, rules-catalog, security

#Why it matters

Default session settings make applications easier to fingerprint and often skip explicit hardening choices.

#Remediation

Set an explicit session name and hardening options instead of relying on middleware defaults.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.express-default-session-config.rule.yaml.

Back to registryOpen rule in repository