Cookie (the plural form Cookies is also used): a small text file, that is, data (usually encrypted) that some websites store on the user's local terminal in order to identify the user and track the session. The information is saved temporarily or permanently by the user's client computer.
To work with cookies in Node, we need the cookie-parser module:
npm i cookie-parser -s
Next, load the module in our file:
// Load the express module
const express = require('express')
// Create the express application
const app = express()
// Cookie-handling module
const cookieParser = require('cookie-parser');
// Add cookie signing
// Use the cookie middleware; 'Really outrageous' is the secret used to sign cookies
app.use(cookieParser('Really outrageous'));
Parameter details
name: A name that uniquely identifies the cookie.
value: The string value stored in the cookie.
domain: The domain for which the cookie is valid.
path: The path this cookie applies to. Based on this setting, the browser sends the cookie to matching paths in the specified domain.
expires: Expiration time, indicating when the cookie expires. If this time is not set, the browser will delete all cookies when the page is closed, but we can also set the expiration time ourselves.
Note: If the clocks on the client and the server are inconsistent, there will be a deviation when using expires.
max-age: Tells the browser how long it will be until this cookie expires (in seconds). Generally, max-age has a higher priority than expires.
HttpOnly: Tells the browser not to let scripts change the value through document.cookie. The value is also invisible in document.cookie, but the cookie is still carried in HTTP requests.
Note: Although this value is not available to scripts, it still exists as a file in the browser installation directory. This flag is generally set on the server side.
secure: Security flag. When secure is true, the cookie is invalid over HTTP and only valid over HTTPS: the browser passes the cookie to the server for session verification only on an HTTPS connection. It is not sent over HTTP connections, so it generally cannot be overheard.
Reading cookies:
req.cookies: reads our unsigned cookies;
req.signedCookies: reads our signed cookies (those set with signed: true).
Case
app.get('/', (req, res) => {
  // In Express, maxAge is given in milliseconds: 10000 * 2 = 20 seconds
  res.cookie('cart', { items: [1, 2, 3] }, { maxAge: 10000 * 2, httpOnly: true, signed: true, path: '/' });
  // path: '/user' means the browser only sends this cookie to /user
  res.cookie('user', 'Zhang San', { httpOnly: true, path: '/user', signed: true })
  res.send('ok')
  console.log(req.cookies)
  console.log(req.signedCookies)
})

app.get('/user', (req, res) => {
  console.log(req.cookies)
  res.send(req.signedCookies)
})

app.get('/news', function (req, res) {
  res.cookie('Age', 'Dabai', { maxAge: 10000 * 2, httpOnly: true, signed: true })
  res.cookie('Age', '0', { maxAge: 0 }); // Delete cookie
  res.send('Hello nodejs news')
})
Our cookie will be deleted when maxAge is 0.