Nodejs Cookie and session

Source: Internet
Author: User

Cookies, Session

Cookies: store some data in the browser; it is sent along with every request
* Unsafe, limited (4K)

Session: stores data, kept on the server
* Safe, unlimited

--------------------------------------------------------------------------------------------------------------

Session: implemented on top of cookies
* The cookie carries a session ID; the server uses the session ID to find the session file and read or write it

Hidden Danger: Session Hijacking

Cookies:

1. Cookie space is very small, so use it sparingly

2. Security is very poor, so verify whether the cookie has been tampered with

Usage:

A. Sending cookies

req.secret = 'string'; // secret key used to sign cookies
res.cookie(name, value, {signed: true});
Options: path: route, maxAge: expiration time, signed: sign the cookie

B. Read cookies

cookie-parser middleware

server.use(cookieParser('secret key'));
server.use(function (req, res) {
  req.cookies;        // unsigned version
  req.signedCookies;  // signed version
});

C. Delete Cookies

res.clearCookie(name);

Example:

const express = require('express');
const cookieParser = require('cookie-parser');

var server = express();

// cookie
server.use(cookieParser('wesdfw4r34tf'));

server.use(function (req, res) {
  req.secret = 'wesdfw4r34tf';
  // 'user' matches the clearCookie call below; the value is a placeholder
  res.cookie('user', 'placeholder-value', {signed: true});

  console.log('signature cookie: ', req.signedCookies);
  console.log('No signature cookie: ', req.cookies);

  // clearing in the same response expires the cookie set above; remove this line to keep it
  res.clearCookie('user');
  res.send('OK');
});

server.listen(8080);
Session

cookie-session middleware

cookieSession(options)
name

The name of the cookie to set, which defaults to session.

keys

A list of keys used to sign and validate cookie values.

secret

A string used as the single key if keys is not provided.

Cookie Options

Other options are passed to cookies.get() and cookies.set(), allowing you to control security, path, domain, signing and other settings.

These options can also contain any of the following (for a complete list, see the cookies module documentation):

  • maxAge: A number giving the milliseconds from Date.now() until expiry.
  • expires: A Date object that indicates the expiration date of the cookie (by default, it expires at the end of the session).
  • path: A string that indicates the cookie path (/ by default).
  • domain: A string that represents the domain of the cookie (no default).
  • sameSite: A Boolean value or string that indicates whether the cookie is a "same site" cookie (false by default). This can be set to 'strict', 'lax' or true (mapped to 'strict').
  • secure: A Boolean value that indicates whether the cookie is sent only over HTTPS (false by default for HTTP, true by default for HTTPS). If this is set to true and Node.js is not connected directly over TLS, be sure to read how to set up Express behind a proxy, otherwise the cookie may not be set correctly.
  • httpOnly: A Boolean value that indicates whether the cookie is sent only over HTTP(S) and is not made available to client JavaScript (true by default).
  • signed: A Boolean value that indicates whether the cookie is to be signed (true by default). If this is true, another cookie with the same name plus the suffix .sig is also sent, carrying a 27-byte url-safe Base64 SHA1 value that is the hash of cookie-name=cookie-value computed with the first Keygrip key. This signature is used to detect tampering the next time the cookie is received.
  • overwrite: A Boolean value that indicates whether to overwrite a cookie with the same name that was previously set (true by default). If this is true, all cookies with the same name set in the same request (regardless of path or domain) are filtered out of the Set-Cookie header when this cookie is set.
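
How the keys list and the signed option fit together, as an added example that is not code from the original page or from cookie-session: it re-implements the scheme described above (HMAC-SHA1 over cookie-name=cookie-value, url-safe Base64) with Node's crypto module only. The function names and the Base64-JSON payload encoding are assumptions made for illustration.

```javascript
// Keygrip-style signing, re-implemented for illustration (not the library's code).
const crypto = require('crypto');

// HMAC-SHA1 over "name=value", Base64 made url-safe with padding removed (27 chars).
function sign(data, key) {
  return crypto.createHmac('sha1', key).update(data).digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
}

// Returns the index of the key that produced sig, or -1 if none did.
// An index above 0 means an older key matched (key rotation): re-sign with keys[0].
function verifyIndex(data, sig, keys) {
  const given = Buffer.from(sig);
  return keys.findIndex(function (key) {
    const expected = Buffer.from(sign(data, key));
    // timingSafeEqual requires equal lengths and compares in constant time
    return expected.length === given.length &&
      crypto.timingSafeEqual(expected, given);
  });
}

// Assumed payload encoding: Base64 JSON. Readable by anyone; only the .sig protects it.
function encodeSession(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64');
}
function decodeSession(value) {
  return JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
}

// Constructed sample: a cookie named 'sess' and three illustrative keys.
const keys = ['aaa', 'bbb', 'ccc'];
const value = encodeSession({ count: 1 });
const sig = sign('sess=' + value, keys[0]);      // would be sent as sess.sig
const forged = encodeSession({ count: 9999 });   // value edited on the client

function demo() {
  return {
    sigLength: sig.length,
    genuine: verifyIndex('sess=' + value, sig, keys),
    tampered: verifyIndex('sess=' + forged, sig, keys),
    oldKey: verifyIndex('sess=' + value, sign('sess=' + value, 'bbb'), keys),
    readableWithoutKey: decodeSession(value).count
  };
}
console.log(demo());
```

Signing detects tampering but does not hide the value, so nothing confidential belongs in the session object. Short keys like these are for illustration only; anyone who guesses a key can produce a valid signature, so generate keys randomly, for example with crypto.randomBytes(32).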

1. Write

server.use(cookieParser());
server.use(cookieSession({keys: [..., ...]}));

2. Read

server.use(function (req, res) {
  req.session;
});

3. Delete

delete req.session
req.session = null // cookie-session's documented way to destroy the session

Example:

const express = require('express');
const cookieParser = require('cookie-parser');
const cookieSession = require('cookie-session');

var server = express();

// cookie
server.use(cookieParser());
server.use(cookieSession({
  name: 'sess',
  keys: ['aaa', 'bbb', 'ccc'],
  maxAge: 2 * 3600 * 1000
}));

server.use('/', function (req, res) {
  // count the requests made within this session
  if (req.session['count'] == null) {
    req.session['count'] = 1;
  } else {
    req.session['count']++;
  }

  console.log(req.session);
  res.send('OK');
});

server.listen(8080);
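
A check for the session hijacking risk noted earlier, as an added example that is not part of the original page: it audits a response's Set-Cookie headers for the httpOnly, secure, sameSite and signed settings from the Cookie Options list. The function names are hypothetical and the sample headers are constructed, modelled on a cookie named 'sess' as in the example above.

```javascript
// Audit a response's Set-Cookie headers for session-cookie hardening.

// Parse one Set-Cookie header into { name, attrs }; attribute names are lower-cased.
function parseSetCookie(header) {
  const parts = header.split(';').map(function (p) { return p.trim(); });
  const attrs = {};
  parts.slice(1).forEach(function (p) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1);
  });
  return { name: parts[0].slice(0, parts[0].indexOf('=')), attrs: attrs };
}

// Return the findings for session cookie `name`; an empty array means none.
function auditSession(headers, name) {
  const cookies = headers.map(parseSetCookie);
  const sess = cookies.find(function (c) { return c.name === name; });
  if (!sess) return ['no ' + name + ' cookie in response'];
  const findings = [];
  // httpOnly keeps the session cookie away from client JavaScript
  if (!sess.attrs.httponly) findings.push('HttpOnly not set');
  // secure keeps it off plain-HTTP connections
  if (!sess.attrs.secure) findings.push('Secure not set');
  const sameSite = String(sess.attrs.samesite || '').toLowerCase();
  if (sameSite !== 'strict' && sameSite !== 'lax') {
    findings.push('SameSite is not strict or lax');
  }
  // the companion <name>.sig cookie is what makes tampering detectable
  const hasSig = cookies.some(function (c) { return c.name === name + '.sig'; });
  if (!hasSig) findings.push('no ' + name + '.sig cookie: value is unsigned');
  return findings;
}

// Constructed sample headers (placeholder values, not captured traffic).
const plainHttp = [
  'sess=eyJjb3VudCI6MX0=; path=/; expires=Thu, 01 Jan 2026 02:00:00 GMT; httponly',
  'sess.sig=CONSTRUCTED_SIG; path=/; expires=Thu, 01 Jan 2026 02:00:00 GMT; httponly'
];
const hardened = [
  'sess=eyJjb3VudCI6MX0=; path=/; samesite=strict; secure; httponly',
  'sess.sig=CONSTRUCTED_SIG; path=/; samesite=strict; secure; httponly'
];
const unsigned = ['sess=eyJjb3VudCI6MX0=; path=/'];

console.log(auditSession(plainHttp, 'sess'));
console.log(auditSession(hardened, 'sess'));
console.log(auditSession(unsigned, 'sess'));
```

In cookie-session the two findings for the plain-HTTP sample correspond to the secure and sameSite options described above.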
