Using cookies in node. js

How do I send cookies to clients in node. js?
The following two scenarios are available:
First, using Response.writehead, code example:
Set the expiration time to one minute

1 varToday =NewDate ();2 varTime = Today.gettime () + 60*1000;3 varTime2 =NewDate (time);4 varTimeobj =time2.togmtstring ();5 Response.writehead ({6' Set-cookie ': ' mycookie= ' Type=ninja ', ' language=javascript ';p ath= '/'; expires= ' +timeobj+ '; Httponly=true '7 });8 9 Ten The syntax is as follows (for an explanation of each field, see "Options field Meanings" below): OneSet-cookie: ' A Cookiename=cookievalue; - [expires=] - [;d omain=] the [;p ath=] - [; secure=] - [; httponly=] -‘

By viewing the cookie as shown:

Disadvantage: Use Response.writehead can only send once the head, that can only be called once, and can not coexist with response.render, or will error

Http://www.cnblogs.com/roucheng

Second, using Response.cookie, the code example is as follows:

Response.cookie (' haha ', ' name1=value1&name2=value2 ', {maxage:10*1000, path: '/', httponly:true});

The syntax is as follows:
Response.cookie (' cookiename ', ' name=value[name=value ...] ', [options]);

Options field Meaning:
1. Expires: Specify the expiration time string in GMT format, such as "Timeobj" for method one.
2, MaxAge: Specify the expiration time, with expires (expires and MaxAge Select both to set a value). Unlike expires, the MaxAge value is measured in milliseconds (see maxage:10*1000 in Method Two, which is 10 seconds). The MaxAge value can be positive and negative. A positive number indicates the time at which the current cookie survives. A negative number means that the current cookie is just as the browser is stored in the client's memory, and the cookie disappears as soon as the browser is closed. The default value is-1.
3. Domain: Specifies the host name of the cookie that can be accessed. The hostname refers to a different host under the same domain name. such as: Www.hovertree.com and tool.hovertree.com are on two different hosts, that is, two different host names. By default, a cookie created in one host cannot be accessed under another host, but it can be controlled through the domain parameter, known as a cross-domain. Take Hovertree as an example, to achieve cross-host (cross-subdomain) access, the wording is as follows: domain=.hovertree.com, so that all hovertree.com under the host can access this cookie. (When this value is set on a native environment, the cookie cannot be viewed.) ）
4. Path: Specifies the directory where this cookie can be accessed. For example, Path=/default indicates that the current cookie can only be used in the default directory. The default value is "/", that is, all directories under the root directory are accessible.
5, Secure: When set to true, indicates that the created cookie will be transmitted to the server in a secure manner, that is, only in the HTTPS connection by the browser to the server side for session authentication, if the HTTP connection will not pass this information, so will not be stolen into the specific content of the cookie. Similarly, on the client side, we are unable to use Document.cookie to find the secure=true-set cookie health value pair. The secure property is to prevent the information from being captured after being listened to during the delivery of the information leak, and the HttpOnly property is designed to prevent the program from acquiring a cookie for attack (XSS). We can think of secure=true as more stringent access control than httponly=true.
6, HttpOnly: Microsoft is the expansion of cookies. If the "HttpOnly" attribute is set in the cookie, the cookie information will not be read by the program (JS script, applet, etc.) to prevent the XSS attack from being generated.
By viewing the cookie as shown:

Http://www.cnblogs.com/roucheng/p/3520056.html

Using cookies in node. js