When should I use cookie-parser with express-session?


Solution 1

For future humble coders who stumble upon this, I'm posting an up-to-date answer:

As the official description of the express-session middleware says here: express-session

Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.

Therefore, just use express-session middleware and have a nice day.

Solution 2

In addition to providing simple cookie parsing functionality, the cookie-parser middleware enables signed cookies which can be referenced by other middleware components, using an optional secret attribute.

Why would you want signed cookies? This question addresses that well
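The secret mismatch warned about in Solution 1 and the signed cookies mentioned in Solution 2, as an added example that is not part of either answer or of the modules' own code. It re-implements with Node's `crypto` the `s:` prefix and HMAC-SHA256 signature format that cookie-parser and express-session are assumed here to share; the function names, secrets and session id are constructed for illustration.

```javascript
// Added example: illustrative re-implementation, not the modules' own code.
const crypto = require('crypto');

// HMAC-SHA256 over the value, base64 with trailing '=' stripped.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}

// Returns the original value if the signature verifies, otherwise false.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  const ok = expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
  return ok ? value : false;
}

// A signed cookie travels as "s:" + sign(value, secret), URL-encoded.
function encodeSignedCookie(value, secret) {
  return encodeURIComponent('s:' + sign(value, secret));
}

// What a parser holding `secret` reports for a raw cookie value.
// Returning undefined for unsigned cookies is this example's convention.
function readSignedCookie(raw, secret) {
  const decoded = decodeURIComponent(raw);
  if (!decoded.startsWith('s:')) return undefined;
  return unsign(decoded.slice(2), secret);
}

// Constructed sample values (not real secrets or session ids).
const SESSION_SECRET = 'session-secret-A';
const PARSER_SECRET = 'parser-secret-B';
const sid = 'Zx3kQ0constructedSessionId';

function demo() {
  const raw = encodeSignedCookie(sid, SESSION_SECRET);
  return {
    sameSecret: readSignedCookie(raw, SESSION_SECRET),     // session id
    differentSecret: readSignedCookie(raw, PARSER_SECRET), // false
    tampered: readSignedCookie(raw.replace('Zx3k', 'Zx3l'), SESSION_SECRET), // false
  };
}

console.log(demo());
```

A parser configured with a different secret sees a validly issued session cookie as a failed signature, the same result it gives for a tampered one.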

Author by

surenyonjan

Updated on July 09, 2022

Comments

  • surenyonjan almost 2 years

    In most ExpressJs examples, I found cookie-parser being used with express-session.

    If I could access session data with req.session.name without it, in what case (or for what benefits) should I be using cookie-parser?

  • ryanman over 9 years
    The documentation at github.com/expressjs/session seems to indicate it supports a signed cookie on its own. Am I missing something?
  • ViggoV over 5 years
    According to Express' own security guidelines express-session is not production ready and should not be used: expressjs.com/en/advanced/…
  • Max Yari over 5 years
    @ViggoV I think you mean this line: "By default, it uses in-memory storage and is not designed for a production environment"? It is not talking about the whole of express-session not being prod ready, but rather about not using the default in-memory storage in production. Together with express-session you should use a session store compatible with your db for persistent cookie storage, and it will all be fine.
  • Benny about 5 years
    So cookie-parser can't be used with express-session? What if I need to both read cookies and maintain session data?
  • Max Yari over 4 years
    @Benny no idea if they'll conflict or not tbh. Personally I would've just checked if there's a session reading api/parsed cookies exposed on express-session.
  • java-addict301 over 3 years
    @Benny from the express-session main page, it sounds like they will only conflict if the secret is different between the two modules - "Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser"