Scribd
Upload
52 views

State Management: Cookies Session

State management is needed in HTTP because it is stateless. Cookies stored on the client and sessions stored on the server can both be used to maintain state across requests. Cookies can only store strings and persist when the browser is closed, while sessions can store objects but are erased when the browser closes. Cookie-parser middleware allows Express to use cookies, which are set via res.cookie() and read from req.cookies. Cookies can be inspected in developer tools and have options like expiration set.

Uploaded by

vakhtang nodadze
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
52 views

State Management: Cookies Session

State management is needed in HTTP because it is stateless. Cookies stored on the client and sessions stored on the server can both be used to maintain state across requests. Cookies can only store strings and persist when the browser is closed, while sessions can store objects but are erased when the browser closes. Cookie-parser middleware allows Express to use cookies, which are set via res.cookie() and read from req.cookies. Cookies can be inspected in developer tools and have options like expiration set.

Uploaded by

vakhtang nodadze
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

State Management

HTTP is stateless
In order to associate a request to any other request, you need a way to store user
data between HTTP requests
Cookies are used to transport data between the client and the server
Sessions allow you to store information associated with the client on the server

Cookies Session
Stored on the client side Stored on the server side
Can only store strings Can store objects
Can be set to a long lifespan When users close their browser, they also lose the session

108 Roi Yehoshua, 2018


Eliahu Khalastchi
Cookies
Cookies are simple, small files/data that are stored on the client side
Every time the user loads the website back, this cookie is sent with the request
This helps us keep track of the user’s actions

109 Roi Yehoshua, 2018


Eliahu Khalastchi
cookie-parser
To use cookies with Express, you can use the cookie-parser middleware
To install it, type the following command:

The cookie-parser is used the same way as other middlewares:


const express = require('express');
const cookieParser = require('cookie-parser');

const app = express();


app.use(cookieParser());

110 Roi Yehoshua, 2018


Eliahu Khalastchi
Setting New Cookies
To set a new cookie, use res.cookie(name, value [, options])
The value parameter may be a string or object converted to JSON
Example:
res.cookie('name', 'Roi');

You can pass an object as the value parameter - it is then serialized as JSON and
parsed by bodyParser() when received in the request
res.cookie('cart', { items: [1,2,3] });

111 Roi Yehoshua, 2018


Eliahu Khalastchi
Cookies with Expiration Time
The options object allows you to set expiration time to the cookie:
// Expires after 600000 ms (10 min) from the time it is set
res.cookie('rememberme', 1, {expire: Date.now() + 600000});

If expiration time is not specified or set to 0, then it creates a session cookie


i.e., a cookie that is erased when the user closes the browser
Another way to set expiration time is using the maxAge property
Using this property, we can specify expiration time which is relative to the current time (in
milliseconds) instead of absolute time
The following is equivalent to the example above:
res.cookie('rememberme', 1, {maxAge: 600000});

112 Roi Yehoshua, 2018


Eliahu Khalastchi
Inspecting Cookies in Chrome Developer Tools
In the Google Chrome developer tools, you can view the cookies sent to the browser
under the Application tab:

113 Roi Yehoshua, 2018


Eliahu Khalastchi
Reading Cookies
The browser sends back the cookies every time it queries the server
cookie-parser parses the Cookie header and populates req.cookies with an object
keyed by the cookie names
If the request contains no cookies, it defaults to {}
app.get('/show_cookies', (req, res) => {
res.write('name: ' + req.cookies.name + '<br/>');
res.write('remember me: ' + req.cookies.rememberme);
res.end();
});

To delete a cookie, use the clearCookie() function


res.cookie('name', 'Roi');
res.clearCookie('name');

114 Roi Yehoshua, 2018


Eliahu Khalastchi
Signed Cookies
You can sign your cookies, so it can be detected if the client modified the cookie
When the cookie gets read, it recalculates the signature and makes sure that it
matches the signature attached to it
If it does not match, then it will give an error
To create a signed cookie you would use
res.cookie('name', 'value', {signed: true})

And to access a signed cookie use the signedCookies object of req:


req.signedCookies['name']

115 Roi Yehoshua, 2018


Eliahu Khalastchi
Exercise (9)
Create a form that will enable the user to choose his favorite color
After choosing a color, the background color of the page should change to that color
The next time the user visits the page, his last chosen color should be displayed as
the background color of the page

116 Roi Yehoshua, 2018


Eliahu Khalastchi

You might also like