JSFoo 2019

On component architecture, front-end engineering and Developer Experience (DX)

Accepting submissions till 21 Sep 2019, 07:20 AM

NIMHANS Convention Centre, Bangalore


JSFoo is in its ninth edition this year. Talks at JSFoo 2019 will cover the following topics:

  1. Component architecture -- how different web components have been stitched together to build apps; outcomes on UI and performance as a result of architecture choices
  2. Deployment practices for front-end and how Kubernetes and CI/CD fall into this picture
  3. Accessibility
  4. Developer experience (DX)
  5. Functional programming paradigms: ReasonML and ClojureScript
  6. Privacy and Content Security Policy (CSP)
  7. New developments such as SvelteJS

Speakers from Razorpay, CloudCherry, Myntra, Innovaccer, GitLab, Microsoft, Atlassian and Gramener will share their work and learnings on these topics.

Who should attend JSFoo:

JSFoo is a conference for practitioners, by practitioners. JSFoo 2019 is a conference for:

  1. Front-end engineers
  2. Senior software developers
  3. Team leaders and engineering managers
  4. Fullstack developers
  5. InfoSec professionals

## JSFoo 2019 details
Dates: 27 and 28 September 2019
Venue: NIMHANS Convention Centre, Bangalore

## JSFoo workshops
The following workshops have been curated for before and after the conference:

## Contact details
For inquiries about conference tickets, workshop tickets and any other details, call JSFoo on 7676332020 or email info@hasgeek.com

# Sponsors

Email sales@hasgeek.com for bulk ticket purchases, and sponsoring JSFoo 2019.


JSFoo 2019 sponsors:


# Platinum Sponsor

Microsoft

# Gold Sponsor

Atlassian

# Exhibition Sponsor

Publicis Sapient

# Bronze Sponsors

Innovaccer, ThoughtSpot

# Community Sponsors

Hasura, Obvious

Contact

For tickets and sponsorships, contact info@hasgeek.com or call +91-7676332020. For queries about proposing talks, write to jsfoo.editorial@hasgeek.com

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter.

Rishabh Poddar

@rishabhpoddar

Implementing session management the correct way

Submitted Aug 6, 2019

When it comes to security, a lot of attention is given to password management or passwordless methodologies. But what happens after a user has logged into a service? Since HTTP is stateless, we still need to maintain user identity across API calls; the way we do this is called session management. Hence, this is a very important aspect of any application from a security and a user experience point of view. Also, since most API calls will require some sort of session authentication, scalability is an important factor to consider.
Solutions to this problem are quite varied. Many developers like to keep things simple and use just one long-lived access token (the solution adopted by many libraries). While this is the most insecure, it takes the least time to understand and implement. Developers who can spend more time on security experiment with the lifetime of this token, use two tokens with varying properties (lifetime, generation methodology, JWT vs opaque) and implement various heuristics such as detecting IP address or device fingerprint changes to minimise attack damage; all of these have many false negatives and positives.
To solve this problem once and for all, we made SuperTokens, an open source library. It protects against all session-related attacks: XSS, brute force, session fixation, JWT signing key compromise, data theft from the database and CSRF. In the event that session tokens are compromised, the library also has token theft detection, since it uses the concept of rotating refresh tokens, as recommended in the OAuth 2.0 RFC. Finally, in terms of scalability, this library uses a parent-child hierarchy to form the tokens, so that the space and time complexity is at least as good as all other solutions that do not employ rotating refresh tokens.
Overall, the aim of the talk is to touch briefly on the various aspects of session management, so that developers are well informed when they decide on a solution for their apps. It will cover all attacks and best practices, and also introduce our library.

Outline

  • Introduction to session management, why it’s important, various attacks and scalability concerns.
  • Currently used methods and their analysis in the context of security, scalability and user experience
  • About SuperTokens and how it is the best solution out there.
  • Q&A

Requirements

It is mainly intended for full stack and backend developers, who have previously built at least one app or have previously dealt with at least the very basics of session management.

Speaker bio

Rishabh is the CTO and co-founder of SuperTokens (https://supertokens.io), the world's best session management library. He is a full stack engineer with expertise in relational and NoSQL databases, distributed systems, JavaScript and Java, operating systems, React JS and React Native. He got his first-class bachelor's degree in Computer Science from Imperial College London (graduated in 2015).

Slides

https://docs.google.com/presentation/d/1tDjcbgb62bdnT3lvwSojtzCYrqJ33kDIBhvtd5JuTEM/edit?usp=sharing

