when should I use cookie-parser with express-session?

node.js session cookies express session-cookies
surenyonjan picture surenyonjan · Jan 15, 2015 · Viewed 34.8k times · Source

In most ExpressJs example, I found using cookie-parser with express-session.

If I could access session data with req.session.name without it, in what case ( or benefits ) should I be using cookie-parser?

Answer

Max Yari picture Max Yari · Mar 16, 2015

For future humble coders, that will stumble upon this - I'm posting an up-to-date answer:

As the official description of express-session middleware says here: express-session

Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.

Therefore, just use express-session middleware and have a nice day.

Related questions

Setting Node.js Express session expiration time in SessionStore in stead of in cookie

Everything I can find on Express Sessions expiring times is about setting the cookie. session.cookie.expires = null; // Browser session cookie session.cookie.expires = 7 * 24 * 3600 * 1000; // Week long cookie But the expire date of cookies is not 'secured' with your secret, as …

Read More
How do sessions work in Express.js with Node.js?

Using Express.js, sessions are dead simple. I'm curious how they actually work though. Does it store some cookie on the client? If so, where can I find that cookie? If required, how do I decode it? I basically want …

Read More
Change cookie expiration in Express

Because I didn't define a maxAge when calling expressServer.use(express.session({params})) the cookie's expiration is set as "Session". I would like to add a "remember me" feature when logging in. If "remember me" is selected, the expiration will …

Read More