Reputation: 7580
CookieParser and CookieSession middleware in Express.js
I am trying to use the cookieSession middleware in an Express.js app. Is cookieParser middleware required to use before cookieSession middleware? Also cookieParser accepts a secret key and so does the cookieSession middleware. Do I need to set the secret in both?
var express = require('express');
var app = express();
app.use(express.cookieParser('secret'));
app.use(express.cookieSession({
key: 'key',
secret: 'Should it be same as above?'
});
I do know that cookieSession middleware assigns cookie variables to the req.sesison object. So I guess cookieParser is required but where should I be setting the secret? Should I set the same secret in both?
Upvotes: 2
Views: 4365
Answers (1)
Reputation: 47993
Here is the catch. Secret string passed to cookieParser is not used by it but by other middlewares and is optional for it. It sets req.secret to that value. cookieSession simply checks if req.secret exists and will use it, but by default it will use the secret option passed explicitly over the stored secret. So passing the option to only one of them would suffice.
You can see it in their documentation : cookieParser and cookieSession
Upvotes: 5
Related Questions
- How to use cookieSession in express
- Express Session Middleware
- Node express server session management middleware?
- Node, express.session as middleware does not set cookie
- ExpressJS session save in cookie
- NodeJs and ExpressJs middleware that relies on another middleware being used
- How does the cookie-session middleware work in expressjs?
- Express cookieParser() confused
- Using cookieParser() and cookieSession() together?
- cookie node.js express