Set Client-Side Accessible Cookie In Express

Question

I\'m working on a Node app that uses Express and SocketIO. I want to set a cookie in my Express controller which is then accessible from my client-side Javascript code. Everythi

Answer 1

Figured it out! By default Express sets the option httpOnly to true. This means that your cookies cannot be accessed by the client-side Javascript. In order to correctly set cookies accessible on the client just use a snippet like the following:

res.cookie('rememberme', 'yes', { maxAge: 900000, httpOnly: false});

I've also noticed that if you call this command and then call res.redirect, the cookie won't get set. This command needs to be followed by res.render at some point in order for it to work. Not sure why this is.

Answer 2

so to access in http can we use:

res.cookie("mycookie", "1234567890", { secure:false, maxAge:120000, httpOnly: true });?

Answer 3

Actually I have experienced the same issue for couple of hours.

Here is my code:

res.cookie("mycookie", "1234567890", { secure:true, maxAge:120000, httpOnly: true });

I can see the Set-Cookie instruction in response header, but in Chrome I can not find the cookie and I can not find the cookie by req.cookies['mycookie'].

The root cause of this problem is that I did not use HTTPS connection. (Express 4.x with cookie-parser middleware)

According to this document: Simple Steps to Secure Your Express Node App

If I set the option secure=true, then the browser will not send my cookie in any HTTP request but HTTPS secure connection. Then after I removed secure:true option, I got my cookie work.