
Node Express js cookies set/get secure

Isaaac
Sep 16, 2018


I was working on an app and needed to store a token in the user's cookies for a few days. Here is what I found after some searching and testing; I hope it helps someone to have everything in one place.

You should already know the basics of Node (with Express).

Setup:

$ npm i express
$ npm i cookie-parser

Let's create a really simple app.js (your Express server):

/* app.js */

// require modules you need to setup the server :
const express = require('express');
const http = require('http');

// require module for cookies :
const cookieParser = require('cookie-parser');

// server port :
const port = process.env.PORT || 80;

// setup server :
const app = express();
const server = http.createServer(app);

// add cookieParser to express (the secret enables signed cookies;
// in production load a long random secret from config/env, never hardcode it) :
app.use(cookieParser('some_secret_1234'));
// => (if you do not need to sign cookies, just call cookieParser()
// with no arguments)

// make a basic route for tests
app.get('/', (req, res) => {
res.send('Hello World');
});

// start server
server.listen(port, () => {
console.log(`Dev server is accessible at http://localhost:${port}`);
});

You can now start your app by going to the folder that contains app.js and running:

$ node app.js

Then, with your favorite browser, go to http://localhost (or whatever URL is logged in your console, if the port is not 80).

On Linux/macOS, ports below 1024 are privileged, so binding port 80 as a normal user fails with EACCES. You could run it as root ($ sudo node app.js), but running a dev server as root is a bad habit: prefer another port instead, either by exporting it ($ PORT=3000 node app.js) or by changing the port const value in app.js.

Set cookies:

We will create another simple route to set a “test” cookie.

// [...]

// just define your wanted config
const cookieConfig = {
  httpOnly: true, // not readable from client-side JS (document.cookie), so an XSS cannot simply steal it
  //secure: true, // only sent over HTTPS; enable it as soon as your site is served over HTTPS
  sameSite: 'lax', // not sent on cross-site POSTs, which cuts down CSRF
  maxAge: 3 * 24 * 60 * 60 * 1000, // ttl in MILLISECONDS (Express converts it to Max-Age in seconds); 3 days here. Remove this option and the cookie dies when the browser is closed
  signed: true // requires the secret passed to cookieParser
};

// there are many other options, see https://www.npmjs.com/package/cookie#options-1
// make /set route
app.get('/set', (req, res) => {
// MAIN CODE HERE :
res.cookie('test', 'some value', cookieConfig);
res.send('set cookie');
});

// [...]

If you restart your app and open http://localhost/set, a cookie called “test” will be set. In Chrome, you can inspect cookies by clicking the icon next to the URL (on the left), or in DevTools under Application > Cookies.

Get cookies

Now we will read our cookie by adding another simple route to app.js:

// [...]

// make /get route
app.get('/get', (req, res) => {
  // MAIN CODE HERE :
  const signedCookies = req.signedCookies; // cookies set with signed: true whose signature verified
  console.log('signed-cookies:', signedCookies);
  const cookies = req.cookies; // unsigned cookies (signed ones are NOT in here)
  console.log('not-signed-cookies:', cookies);

  // or access directly to one cookie by its name :
  // (undefined if absent; false if present but the signature did not match,
  // i.e. the value was tampered with or signed with another secret)
  const myTestCookie = req.signedCookies.test;
  console.log('our test signed cookie:', myTestCookie);
  res.send('get cookie');
});

// [...]

Now restart your server and open http://localhost/get: the retrieved cookies are logged in the server console.
You can change the cookie name, add more cookies, or store structured data (res.cookie accepts an object, which Express serializes as JSON with a j: prefix and cookie-parser parses back for you).

Conclusion

Now you know how to set and get “secure” cookies from your express node server :)

(Keep in mind that you should never store any sensitive value directly in a cookie. Signing only proves the cookie was issued by your server; it does not hide the value, so anyone with access to the browser can read it. Store an opaque token instead, which the server can use to look up the “more sensitive” data in your DB or wherever it lives.)

That's it; it's quite simple. Feel free to comment if you have any questions.
