Express Learning (3) - cookies and sessions
Cookies are stored in the browser and can only hold up to 4K of data; they are not safe, because the user can read and change them. Sessions are stored on the server and cannot work on their own (the cookie is read first, then the session), which makes them more secure.
cookie
tool
Send cookies:
Write the basics first:
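const express = require('express');

const server = express();

// Set a cookie on every response.
server.use('/', (req, res) => {
  res.cookie('Name', 'value', {
    // The browser sends the cookie back only for requests whose URL path matches this
    // value: here the a.html file in the aaa folder under the site root.
    path: '/aaa/a.html',
    // Maximum retention time in milliseconds (30 days).
    maxAge: 30 * 24 * 3600 * 1000,
    // Keep the cookie out of reach of page scripts (document.cookie).
    httpOnly: true,
    // Do not attach the cookie to most cross-site requests.
    sameSite: 'lax',
    // Once the site is served over HTTPS, also set `secure: true`.
  });
  // res.cookie() only adds a Set-Cookie header; the response still has to be finished,
  // otherwise the request hangs and the browser never stores the cookie.
  res.send('ok');
});

server.listen(8080);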
Read cookies
Next, use the cookie-parser tool
const express = require('express');
const cookieParser = require('cookie-parser');

const server = express();

// cookie-parser turns the Cookie request header into the req.cookies object.
server.use(cookieParser());

/**
 * Log the cookies the browser sent with this request, then answer 'ok'.
 */
function showCookies(req, res) {
  console.log(req.cookies);
  res.send('ok');
}

server.use('/', showCookies);

server.listen(8080);
Execution results:
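However, cookies come in two types: signed and unsigned. Signing is not encryption: it lets the server detect a modified value, but the contents of a signed cookie can still be read in the browser.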
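const express = require('express');
const cookieParser = require('cookie-parser');

// Tutorial value only. A real signing secret should be long and random, and should be
// loaded from configuration (environment variable or secret store) rather than
// written into the source file.
const COOKIE_SECRET = 'wesdfw4r34tf';

const server = express();

// Passing the secret lets cookie-parser verify signed cookies. It also sets req.secret,
// which res.cookie(..., {signed: true}) signs with, so the handler does not need to
// assign req.secret itself (one less copy of the secret to keep in sync).
server.use(cookieParser(COOKIE_SECRET));

server.use('/', (req, res) => {
  // Signing makes the cookie tamper-evident; the value 'blue' stays readable by the
  // client. httpOnly keeps it away from page scripts.
  res.cookie('user', 'blue', { signed: true, httpOnly: true, sameSite: 'lax' });

  // Both objects are parsed from the cookies the browser sent with THIS request, so the
  // cookie set above appears from the next request onward. Cookies whose signature
  // verifies land in req.signedCookies; everything else stays in req.cookies.
  console.log('autograph cookie: ', req.signedCookies, '\n');
  console.log('No Signature cookie: ', req.cookies);
  res.send('ok');
});

server.listen(8080);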
Execution results:
Be sure to give cookieParser the secret you sign with, for example server.use(cookieParser('wesdfw4r34tf')); otherwise it cannot verify the signature and shows the raw signed value as a long string, as in the following results:
delete cookie
One statement is enough
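// Clear the cookie set in the "Send cookies" example. Cookie names are case-sensitive,
// and the browser only drops the cookie when the path (and domain, if one was given)
// match the options it was set with.
res.clearCookie('Name', { path: '/aaa/a.html' });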
session
Use a middleware: cookie-session:
# Install the cookie-session middleware and record it in package.json dependencies.
npm install cookie-session --save
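const express = require('express');
const cookieParser = require('cookie-parser');
const cookieSession = require('cookie-session');

const server = express();

server.use(cookieParser());
server.use(cookieSession({
  name: 'my_session',
  // Placeholder keys for the tutorial. keys[0] signs new cookies; the remaining keys are
  // only accepted when verifying, which is what makes key rotation possible. Protection
  // comes from each key being long, random and secret, not from the array's length.
  keys: ['aaa', 'bbb', 'ccc'],
  maxAge: 2 * 3600 * 1000, // keep for two hours
  httpOnly: true, // not readable from page scripts
  sameSite: 'lax', // not attached to most cross-site requests
}));

server.use('/', (req, res) => {
  // cookie-session serialises req.session into the cookie itself: the data is signed
  // (tamper-evident) but still readable by the client, so keep secrets out of it.
  if (req.session.count == null) {
    req.session.count = 1;
  } else {
    req.session.count += 1;
  }
  console.log(req.session.count);
  res.send('ok');
});

server.listen(8080);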
Increase the key array:
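const crypto = require('crypto');

// Only keys[0] signs cookies; the other keys are only tried when verifying. A very long
// array therefore adds verification work without adding protection. What matters is
// that each key is unpredictable, so use the OS CSPRNG instead of Math.random().
const KEY_COUNT = 3;
const arr = [];
for (let i = 0; i < KEY_COUNT; i++) {
  arr.push(crypto.randomBytes(32).toString('hex'));
}
// Keys generated here change on every start, which invalidates existing session
// cookies. For a deployment, load fixed keys from configuration instead.

server.use(cookieParser());
server.use(cookieSession({
  name: 'my_session',
  keys: arr, // use the array above
  maxAge: 2 * 3600 * 1000, // keep for two hours
}));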
summary
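server.use(cookieParser('Signature string'));
server.use(cookieSession({ /* name, keys, maxAge */ }));

server.use(function (req, res) {
  // Send a cookie: written to the response.
  res.cookie('Name', 'value', { signed: true });

  // Read cookies: parsed from the request.
  // Unsigned cookies are in req.cookies, verified signed cookies in req.signedCookies.
  req.cookies['user'];
  req.signedCookies['user'];

  // Delete a cookie: tells the browser to drop it.
  res.clearCookie('Name');

  // Get a session value: the session object lives on the request.
  req.session['xxx'];

  // Delete a session value.
  delete req.session['xxx'];
});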
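Why can't a cookie be deleted with delete?
Because cookies exist on the browser side and sessions on the server side, only sessions can be removed with the delete operator. To remove a cookie the server has to tell the browser to drop it, which is what res.clearCookie does.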