What is cookie-parser?
The cookie-parser npm package is a middleware which parses cookies attached to the client request object. It can parse signed cookies with a secret and populate req.cookies with an object keyed by cookie names. It's commonly used in Express and Connect applications.
What are cookie-parser's main functionalities?
Parse Cookies
This code sets up an Express server that uses cookie-parser to parse cookies from the request. It logs the cookies to the console on a GET request to the root path.
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
app.use(cookieParser());
app.get('/', (req, res) => {
console.log('Cookies: ', req.cookies);
res.send('Check the console for cookies');
});
app.listen(3000);
Parse Signed Cookies
This code demonstrates how to use cookie-parser to parse signed cookies. The secret provided to cookieParser() is used to validate the signed cookies, which are then available in req.signedCookies.
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
app.use(cookieParser('yourSecret')); // Replace 'yourSecret' with your actual secret string
app.get('/', (req, res) => {
console.log('Signed Cookies: ', req.signedCookies);
res.send('Check the console for signed cookies');
});
app.listen(3000);
Other packages similar to cookie-parser
express-session
While not exclusively for cookie parsing, express-session is a session management middleware that can handle cookies. It provides more features for managing user sessions, such as storing session data on the server and using a session store that is compatible with Express.
tough-cookie
tough-cookie is a more low-level package for handling cookies in Node.js. It can parse and serialize cookies, and it's designed to be a robust server-side cookie library. It does not integrate with Express/Connect middleware out of the box and requires more manual handling compared to cookie-parser.
cookies
The cookies package is another alternative for handling cookies in Node.js. It provides a higher-level abstraction than tough-cookie and includes features for setting, getting, and managing HTTP cookies. It's similar to cookie-parser but offers a different API and additional capabilities for cookie management.
cookie-parser
Parse Cookie
header and populate req.cookies
with an object keyed by the cookie
names. Optionally you may enable signed cookie support by passing a secret
string,
which assigns req.secret
so it may be used by other middleware.
Installation
$ npm install cookie-parser
API
var express = require('express')
var cookieParser = require('cookie-parser')
var app = express()
app.use(cookieParser())
cookieParser(secret, options)
secret
a string or array used for signing cookies. This is optional and if not specified, will not parse signed cookies. If a string is provided, this is used as the secret. If an array is provided, an attempt will be made to unsign the cookie with each secret in order.options
an object that is passed to cookie.parse
as the second option. See cookie for more information.
decode
a function to decode the value of the cookie
cookieParser.JSONCookie(str)
Parse a cookie value as a JSON cookie. This will return the parsed JSON value if it was a JSON cookie, otherwise it will return the passed value.
cookieParser.JSONCookies(cookies)
Given an object, this will iterate over the keys and call JSONCookie
on each value. This will return the same object passed in.
cookieParser.signedCookie(str, secret)
Parse a cookie value as a signed cookie. This will return the parsed unsigned value if it was a signed cookie and the signature was valid, otherwise it will return the passed value.
The secret
argument can be an array or string. If a string is provided, this is used as the secret. If an array is provided, an attempt will be made to unsign the cookie with each secret in order.
cookieParser.signedCookies(cookies, secret)
Given an object, this will iterate over the keys and check if any value is a signed cookie. If it is a signed cookie and the signature is valid, the key will be deleted from the object and added to the new object that is returned.
The secret
argument can be an array or string. If a string is provided, this is used as the secret. If an array is provided, an attempt will be made to unsign the cookie with each secret in order.
Example
var express = require('express')
var cookieParser = require('cookie-parser')
var app = express()
app.use(cookieParser())
app.get('/', function(req, res) {
console.log("Cookies: ", req.cookies)
})
app.listen(8080)