Can't set cookie 'expires' or 'maxAge' in Node.js using Express 3.0

Question

I've been trying to set my cookie's expiry date in Node.js using Express 3.0, but nothing is working.

My first attempt:

res.cookie('user', user, { maxAge: 9000, httpOnly: true });

Just ends in a cookie that has an invalid expiry time according to Chrome. Then I tried to set 'expires' instead, like so:

res.cookie('user', user, { expires: new Date(new Date().getTime()+5*60*1000), httpOnly: true });

And now my cookie is just a session cookie.

Does anyone know how to fix this?

Thanks for asking this question. your question along with this link brought me to a solution i was looking for: http://stackoverflow.com/questions/16209145/how-to-set-cookie-in-node-js-using-express-framework — jmunsch, Mar 09 '16 at 20:13

score 56 · Answer 1 · answered Sep 03 '17 at 18:23

56

Do note that maxAge is in milliseconds-

res.cookie('jwtToken', token, { maxAge: 2 * 60 * 60 * 1000, httpOnly: true }); // maxAge: 2 hours

answered Sep 03 '17 at 18:23

Varun Kumar

2,543
1
23
22

12

Upvote for the comment on maxAge being in millisecs! – lucke84 Jun 09 '18 at 15:04
probably the most important answer. – Someone Special Feb 02 '21 at 09:52
I was trying to use a short-lived cookie during development (120s), and got errors about 'Cookie “” has been rejected because it is already expired.' I was actually setting the maxAge to 120ms, which had expired by the time the page loaded. This wasn't easy to find searching, since Express uses ms, but [browsers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) implement [RFC 6265](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.2) that uses seconds; it's somewhat unexpected that Express does the conversion instead of just passing the value through. – robm Jan 21 '22 at 07:31
1

A strange decision to make it milliseconds considering the standard is seconds.. I'm guessing that decision has cost countless hours. – olejorgenb May 14 '22 at 10:56

asgoth · Accepted Answer · 2013-12-19T09:56:48.600

11

You have to use req.session.cookie:

req.session.cookie.expires = false;

req.session.cookie.maxAge = 5 * 60 * 1000;

See also connect docs.

edited Dec 19 '13 at 09:56

answered Jan 05 '13 at 22:16

asgoth

35,552
12
89
98

Turns out: it was actually working. Chrome just says the time format is wrong, but it still honours it. – Jelle De Loecker Feb 15 '13 at 19:48

score 8 · Answer 3 · answered Dec 19 '13 at 14:36

The accepted answer doesn't work for me.. but the original question has the version that does work. For example

var language = 'en';
//10 * 365 * 24 * 60 * 60 * 1000 === 315360000000, or 10 years in milliseconds
var expiryDate = new Date(Number(new Date()) + 315360000000); 
this.__res.cookie('lang', language, { expires: expiryDate, httpOnly: true });

score 2 · Answer 4 · edited Aug 09 '21 at 03:02

res.cookie('cookieName', jsonObject, { expires: new Date(Date.now() + (30*24*3600000)) }); /*set 1month,

If you face any issue related to cookie expire initialization, then debug your-self, I had to debug myself and fixed it as follows:

Insert the initialized time into a new variable

var expiryDate = new Date(Date.now() + (60*24*3600000));
console.log(expiryDate);

if it's display as aspected, then look into cookieParser npm v

Can't set cookie 'expires' or 'maxAge' in Node.js using Express 3.0

4 Answers4

Linked