In most ExpressJs example, I found using cookie-parser
with express-session
.
If I could access session data with req.session.name
without it, in what case ( or benefits ) should I be using cookie-parser
?
Cookie session is basically used for lightweight session applications where the session data is stored in a cookie but within the client [browser], whereas, Express Session stores just a mere session identifier within a cookie in the client end, whilst storing the session data entirely on the server.
Express. js uses a cookie to store a session id (with an encryption signature) in the user's browser and then, on subsequent requests, uses the value of that cookie to retrieve session information stored on the server.
var cookieSession = require('cookie-session') var express = require('express') var app = express() app. use(cookieSession({ name: 'session', keys: ['key1', 'key2'] })) // Update a value in the cookie so that the set-cookie will be sent. // Only changes every minute so that it's not sent with every request. app.
saveUninitialized : When an empty session object is created and no properties are set, it is the uninitialized state. So, setting saveUninitialized to false will not save the session if it is not modified. The default value of both resave and saveUninitialized is true, but using the default is deprecated.
For future humble coders, that will stumble upon this - I'm posting an up-to-date answer:
As the official description of express-session
middleware says here: express-session
Since version 1.5.0, the
cookie-parser
middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Usingcookie-parser
may result in issues if the secret is not the same between this module andcookie-parser
.
Therefore, just use express-session middleware and have a nice day.
In addition to providing simple cookie parsing functionality, the cookie-parser
middleware enables signed cookies which can be referenced by other middleware components, using an optional secret
attribute.
Why would you want signed cookies? This question addresses that well
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With