Cookie-parser Middleware Introduction

cookie-parser is Express middleware for parsing cookies. It makes it easy to work with cookie values held by the client. In effect, the server stores information in a cookie, and the client can then read the value from that cookie. For example, cookies are generally used to record user login information.

An introduction to Express-Session middleware

Just as the client obtains values through a cookie, the server obtains values through a session. A session is a technique the server uses to record user state information. When a client requests the server for the first time, the server creates a unique object for that client, called a Session object. The session is tracked through a cookie.

How to use cookie-parser in Express

Install cookie-parser

# Install
npm i cookie-parser --save

Configuration in app.js

// In app.js, import the middleware
var cookieParser = require('cookie-parser')
// Configure the middleware
app.use(cookieParser());


How to set cookies

Note that cookies are set on res (the response object)

// Set the cookie
res.cookie('key', 'value', options);

The options are as follows:

domain: the domain name. Controls whether subdomains (second-level domain names) can access the cookie.

name=value: the key/value pair to save. Note that the name must not be the same as the name of any other attribute.

expires: the expiration time (in seconds). The cookie expires after the given time, for example Expires=Wednesday, 09-Nov-99 23:12:40 GMT

maxAge: the maximum lifetime (in milliseconds)

secure: when secure is true, the cookie is not valid over HTTP, only over HTTPS

path: the route the cookie applies to, for example path=/. If the path does not match, the browser does not send the cookie

httpOnly: a Microsoft extension to cookies. If the httpOnly attribute is set on the cookie, client-side programs (JS scripts, applets, etc.) cannot read the cookie, which guards it against theft through XSS attacks

signed: indicates whether to sign (encrypt) the cookie. If set to true, the cookie is signed and must be read through req.signedCookies. Unsigned cookies are read through req.cookies.

How to Delete cookies

// Delete the cookie
res.cookie('username', 'zhangsan', { maxAge: 0 });

How to encrypt cookies

(1) Pass a parameter (the secret string) when configuring the middleware; any value will do

app.use(cookieParser('123456'));

(2) Add signed: true to the options when setting the cookie

// Set the cookie retention time (for example, 7 days) and sign it
res.cookie('username', name, { maxAge: 1000 * 60 * 60 * 24 * 7, signed: true });

How to get cookies

Note that cookies are read from req (the request object)

(1) Get an unencrypted cookie

req.cookies.XXXX
req.cookies.username

(2) Obtain encrypted cookies

req.signedCookies.XXXX
req.signedCookies.username
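
What signed: true does to the cookie value, as an added example (not code from this post or from cookie-parser itself). It re-implements the s:<value>.<HMAC-SHA256> layout with Node's crypto module; the function names and sample values are assumptions made for illustration. The value stays readable by the client, and the signature only lets the server detect tampering.

```javascript
// Added illustration of the "s:<value>.<signature>" layout of a signed cookie.
// Function names are hypothetical, not cookie-parser's API.
const crypto = require('crypto');

// HMAC-SHA256 over the value, base64 with trailing '=' padding removed.
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
}

// The string stored in the cookie when signed: true is set.
function signCookie(value, secret) {
  return 's:' + value + '.' + mac(value, secret);
}

// Server-side check: returns the value if the signature matches, else false.
function unsignCookie(cookie, secret) {
  if (!cookie.startsWith('s:')) return false; // unsigned: treated as invalid here
  const body = cookie.slice(2);
  const dot = body.lastIndexOf('.');          // the value itself may contain dots
  if (dot < 0) return false;
  const value = body.slice(0, dot);
  const given = Buffer.from(body.slice(dot + 1));
  const expected = Buffer.from(mac(value, secret));
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  const ok = given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
  return ok ? value : false;
}

// Constructed sample values.
const secret = 'replace-with-a-long-random-secret';
const signed = signCookie('zhangsan', secret);
const forged = signed.replace('zhangsan', 'admin'); // value edited, old signature kept

console.log(signed);                         // the value is visible in clear text
console.log(unsignCookie(signed, secret));   // zhangsan
console.log(unsignCookie(forged, secret));   // false
console.log(unsignCookie(signed, '123456')); // false (different secret)
```

With a guessable secret such as the '123456' used above, anyone can compute a valid signature, so a real deployment should use a long random secret.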

How to use Express-session in Express

Install express-session

# Install
npm i express-session --save

How to configure express-session in app.js

Configure after import:

let session = require("express-session");
app.use(session({
	secret: '123456',
	resave: false,
	saveUninitialized: true
}));

Session parameters are as follows:

name: sets the name of the session field saved in the cookie. The default value is connect.sid.

store: how sessions are stored. They are kept in memory by default. You can also use Redis and MongoDB; modules that support them are available in the Express ecosystem.

secret: the secret string used to calculate the hash value that is put in the cookie, making the generated signed cookie tamper-proof.

cookie: options for the cookie that holds the session ID. Default: { path: '/', httpOnly: true, secure: false, maxAge: null }

genid: how a new session_id is generated. The NPM package uid2 is used by default.

rolling: resets the cookie on each request. Default is false.

resave: saves the session value even if the session has not been modified. Default is true.

How to set a session value

req.session.XXX=VALUE
// for example:
req.session.auth_username=name

How to read a session value

req.session.XXX
req.session.auth_username

How to delete and destroy sessions

req.session.XXX=undefined;
req.session.auth_password=undefined;

After using both middleware in the Express framework, the browser looks like this:

Conclusion

The above covers how to use these two middleware in an Express project. For specific business scenarios, see my other blog post, "nodeJS + Express framework to achieve login filter and user login state saving".