Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

when should I use cookie-parser with express-session?

In most ExpressJs example, I found using cookie-parser with express-session.

If I could access session data with req.session.name without it, in what case ( or benefits ) should I be using cookie-parser?

like image 284
surenyonjan Avatar asked Jan 15 '15 10:01

surenyonjan


People also ask

What is the difference between Express session and cookie session?

Cookie session is basically used for lightweight session applications where the session data is stored in a cookie but within the client [browser], whereas, Express Session stores just a mere session identifier within a cookie in the client end, whilst storing the session data entirely on the server.

How does Express cookie session work?

Express. js uses a cookie to store a session id (with an encryption signature) in the user's browser and then, on subsequent requests, uses the value of that cookie to retrieve session information stored on the server.

How do you set an Express session cookie?

var cookieSession = require('cookie-session') var express = require('express') var app = express() app. use(cookieSession({ name: 'session', keys: ['key1', 'key2'] })) // Update a value in the cookie so that the set-cookie will be sent. // Only changes every minute so that it's not sent with every request. app.

What is saveUninitialized in Express session?

saveUninitialized : When an empty session object is created and no properties are set, it is the uninitialized state. So, setting saveUninitialized to false will not save the session if it is not modified. The default value of both resave and saveUninitialized is true, but using the default is deprecated.


Video Answer


2 Answers

For future humble coders, that will stumble upon this - I'm posting an up-to-date answer:

As the official description of express-session middleware says here: express-session

Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.

Therefore, just use express-session middleware and have a nice day.

like image 90
Max Yari Avatar answered Sep 20 '22 02:09

Max Yari


In addition to providing simple cookie parsing functionality, the cookie-parser middleware enables signed cookies which can be referenced by other middleware components, using an optional secret attribute.

Why would you want signed cookies? This question addresses that well

like image 23
Ben Avatar answered Sep 22 '22 02:09

Ben