First, Cookie Introduction
Second, Cookie features
Third, the use of cookies
Fourth, encrypted cookies
Fifth, application of cookies
First, Cookie Introduction
A cookie is a variable stored on the visitor's computer. It lets pages share data when the same browser accesses the same domain name.
HTTP is a stateless protocol. Simply put, when you browse a page and then go to another page of the same site, the server cannot recognize that the same browser is accessing the same web site. Each visit is unrelated to every other.
Cookies are a very simple idea: when a page is accessed, the server uses the downstream HTTP message (the response) to instruct the browser to store a string. When the browser accesses the same domain again, the string is carried in the upstream HTTP request. The first time a server is accessed, the request cannot carry any cookies. The server must first receive this request and carry the cookie information in the downstream response header; every subsequent request the browser makes to this server will then carry this cookie.
Second, Cookie features
Cookies are saved locally in the browser.
A cookie set in the normal way is not encrypted; the user can freely view it.
The user can delete cookies or disable them.
Cookies can be tampered with.
Cookies can be used in attacks.
Cookies can store only a small amount of data. In the future they will actually be replaced by localStorage, but the latter is IE9 compatible.
Third, the use of cookies
1, Install
    cnpm install cookie-parser --save
2, Import
    var cookieParser = require("cookie-parser");
3, Set up the middleware
    app.use(cookieParser());
4, Set cookies
    res.cookie('name', 'zhangsan', {maxAge: 9000000, httpOnly: true});
httpOnly defaults to false; setting it to true does not allow client script to access the cookie.
5, Get cookies
    req.cookies.name
Property description
domain: The domain name.
name=value: A key-value pair; you can set the key/value to save. Note that the name here cannot be the same as any of the other property names.
expires: The expiration time (in seconds); the cookie becomes invalid after the point in time that is set, such as Expires=Wednesday, 09-Nov-99 23:12:40 GMT.
maxAge: The maximum expiry time (ms); sets how long after being set the cookie expires.
secure: When the secure value is true, the cookie is invalid over HTTP and valid over HTTPS.
path: The path that the cookie affects, such as path=/. If the path does not match, the browser does not send this cookie.
httpOnly: This is Microsoft's extension to cookies. If the "HttpOnly" attribute is set on the cookie, programs (JS scripts, applets, etc.) will not be able to read the cookie information, to prevent XSS attacks.
signed: Indicates whether the cookie is signed. Set it to true to sign the cookie, which then requires req.signedCookies instead of req.cookies to access it. A tampered signed cookie is rejected by the server and the cookie value is reset to its original value.
Set cookies
    res.cookie('RememberMe', '1', {maxAge: 900000, httpOnly: true});
    res.cookie('name', 'Tobi', {domain: '.example.com', path: '/admin', secure: true});
    res.cookie('RememberMe', '1', {expires: new Date(Date.now() + 900000), httpOnly: true});
Get cookies
    req.cookies.name
Delete cookies
    res.cookie('RememberMe', '', {expires: new Date(0)});
    res.cookie('username', 'Zhangsan', {domain: '.ccc.com', maxAge: 0, httpOnly: true});
Node.js uses cookies