Description
The code snippet in the file "mock_backend/index.js" includes a login endpoint ("/api/v2/auth/login") that sets a fixed session identifier (SID) in a cookie. This fixed value of "8c212779b4abde7A" may raise security concerns and needs to be addressed.
res.cookie('SID', '8c212779b4abde7A');
To address this issue, it is recommended to modify the code to generate a random session identifier upon successful authentication. The generated session identifier should be unique for each user session and stored securely in the cookie.
Additionally, it is important to follow best practices for secure cookie handling. This includes setting the "Secure" flag to ensure the cookie is only transmitted over HTTPS and setting the "HttpOnly" flag to prevent client-side script access.