Security · Intermediate · Live online
Node Authentication Patterns
Sessions vs JWT, refresh rotation, and secure cookie defaults in Node services.
Security moves slowly when abstractions hide failures. We keep the Node surface small so you can observe cookies, headers, and rotation timelines directly.
Duration: 4 weeks
Tuition (informational): 5,400,000 VND
Final quotes come from admissions. See Money-Back Policy for eligibility.
What ships in the syllabus
- Threat sketch for session fixation vs token theft
- Refresh token rotation exercise with revocation list
- Argon2 password hashing lab
- CORS and SameSite decision worksheet
- Service-to-service mTLS overview (conceptual)
- Auth case study walkthroughs
- Checklist for storing secrets outside git
Outcomes we actually assess
- Implement rotation-friendly refresh handling in a sample repo
- Document two threat mitigations for your current stack
- Complete auth code review worksheet with mentor sign-off
Hieu Tran
Database coach for Postgres workloads and migration drills.
FAQ — including what we skip
Do we build SSO?
We map OIDC flows but do not configure vendor SSO dashboards—that stays with your IT team.
Penetration testing?
Not included; we reference safe local test patterns only.
Hardware keys?
WebAuthn is introduced conceptually without requiring purchase of hardware.
Experience notes
“The rotation timeline diagram is taped above my desk now.”