Signing cookies in express
Express will indeed use the secret provided to cookie-parser to sign your cookie. Cookie-parser will inject the secret into your request object. Then, express will use it in order to sign the cookie. If no secret is provided to cookie-parser (or another middleware), then express will throw an error when trying to set a new signed cookie.
Answering your question, that's how you should set the secret (using cookie-parser):

    var express = require('express')
    var cookieParser = require('cookie-parser')

    var app = express()
    app.use(cookieParser('your-secret'))

    app.get('/', (req, res, next) => {
      res.cookie('name', 'value', { signed: true })
      res.json({})
    })

Then it will be available in req.signedCookies.

    var express = require('express')
    var cookieParser = require('cookie-parser')

    var app = express()
    app.use(cookieParser('yourSecretGoesHere'))

Reference: https://www.npmjs.com/package/cookie-parser
This cookieParser() takes a secret and options. For signed cookies, you can access them through req.signedCookies, and for unsigned cookies just req.cookies. For sending cookies with the response, use cookie like:

    app.use(cookieParser('12345'));

    // Inside a route handler, where res is available.
    // res.cookie() signs with the secret given to cookieParser(); the
    // `secret` key in these options is not a res.cookie() option and is ignored.
    res.cookie('username', 'john doe', { maxAge: 900000, httpOnly: true, signed: true, secret: '12345' });
    res.cookie('user_name', 'anik islam', { maxAge: 900000, httpOnly: true, signed: false, secret: '12345' });

And you can access cookies like:

    console.log(req.cookies);
    console.log(req.signedCookies);
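
What `signed: true` puts on the wire, and why a modified cookie shows up as `false` in req.signedCookies: the sketch below is an added example, not code from any of the answers or from Express, cookie-parser or cookie-signature. It reproduces the `s:<value>.<HMAC-SHA256>` format with Node's built-in crypto module; the function names and the secret are made up for the illustration.

```javascript
const crypto = require('crypto');

// HMAC-SHA256 over the value, base64-encoded with '=' padding stripped.
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
}

// Cookie value produced for { signed: true }, before URL-encoding.
function signCookieValue(value, secret) {
  return 's:' + value + '.' + mac(value, secret);
}

// Parsing side: returns the value, false when the signature does not
// verify, or the input unchanged when the cookie was never signed.
function readCookieValue(raw, secret) {
  if (!raw.startsWith('s:')) return raw;           // unsigned cookie
  const body = raw.slice(2);
  const dot = body.lastIndexOf('.');               // base64 never contains '.'
  if (dot === -1) return false;
  const value = body.slice(0, dot);
  const given = Buffer.from(body.slice(dot + 1));
  const expected = Buffer.from(mac(value, secret));
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  const ok = given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
  return ok ? value : false;
}

const SECRET = 'constructed-demo-secret';          // constructed sample value
const signed = signCookieValue('john doe', SECRET);
const tampered = signed.replace('john doe', 'admin');

console.log(signed);                               // the value is still readable
console.log(readCookieValue(signed, SECRET));      // original value
console.log(readCookieValue(tampered, SECRET));    // false: value was changed
console.log(readCookieValue(signed, 'rotated'));   // false: different secret
```

Signing gives integrity only: the value travels in clear text, so anything confidential still has to stay server-side or be encrypted, and the secret should come from configuration rather than a literal in the source.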