Difference between connect.session and connect.cookieParser secret?

I would like to use secure cookies in my Express application using the connect.session and connect.cookieParser modules. According to the docs, both accept a secret parameter. This key is used to prevent users from tampering with the cookie.

Should I set the same key for both modules, or two different ones? Or should I pass the key to just one of them?

+4
1 answer

You only need to set it with one or the other. You can, though, pass a secret to each one to give them different secrets to use.

The difference between them lies in their so-called "greed" with it.

  • session(secret) keeps the secret to itself, using it only for the cookie containing the session identifier.

  • cookieParser(secret), on the other hand, will allow you to sign any cookie.

    You can create signed cookies with Express' response.cookie().

    Signed cookies are also supported using this method. Just pass the signed option. When given, res.cookie() will use the secret passed to express.cookieParser(secret) to sign the value.

     res.cookie('name', 'tobi', { signed: true });

    You can later access this value through the req.signedCookies object.

+5

Source: https://habr.com/ru/post/1498332/

