How can I set cookie in node js using express framework?

Question

In my application, I need to set a cookie using the express framework. I have tried the following code but it's not setting the cookie.

var express = require('express'), http = require('http');
var app = express();
app.configure(function(){
      app.use(express.cookieParser());
      app.use(express.static(__dirname + '/public'));

      app.use(function (req, res) {
           var randomNumber=Math.random().toString();
           randomNumber=randomNumber.substring(2,randomNumber.length);
           res.cookie('cokkieName',randomNumber, { maxAge: 900000, httpOnly: true })

           console.log('cookie have created successfully');
      });

});

var server = http.createServer(app);
var io = require('socket.io').listen(server);
server.listen(5555);

How are you verifying that the cookie is not set? Have you checked the response headers the browser is getting? — NilsH, Apr 25 '13 at 07:53
@NilsH i have added log statement.if it set means it will display as 'cookie have created susccessfully'.. — sachin, Apr 25 '13 at 07:55
ok, then either your middleware is not invoked, or some of the previous statements give an exception. — NilsH, Apr 25 '13 at 07:58
if i removed 'app.use(express.static(__dirname + '/public'));' this line means it's set the cookie — sachin, Apr 25 '13 at 08:02

score 335 · Accepted Answer · edited May 28 '20 at 15:36

335

The order in which you use middleware in Express matters: middleware declared earlier will get called first, and if it can handle a request, any middleware declared later will not get called.

If express.static is handling the request, you need to move your middleware up:

// need cookieParser middleware before we can do anything with cookies
app.use(express.cookieParser());

// set a cookie
app.use(function (req, res, next) {
  // check if client sent cookie
  var cookie = req.cookies.cookieName;
  if (cookie === undefined) {
    // no: set a new cookie
    var randomNumber=Math.random().toString();
    randomNumber=randomNumber.substring(2,randomNumber.length);
    res.cookie('cookieName',randomNumber, { maxAge: 900000, httpOnly: true });
    console.log('cookie created successfully');
  } else {
    // yes, cookie was already present 
    console.log('cookie exists', cookie);
  } 
  next(); // <-- important!
});

// let static middleware do its job
app.use(express.static(__dirname + '/public'));

Also, middleware needs to either end a request (by sending back a response), or pass the request to the next middleware. In this case, I've done the latter by calling next() when the cookie has been set.

Update

As of now the cookie parser is a seperate npm package, so instead of using

app.use(express.cookieParser());

you need to install it separately using npm i cookie-parser and then use it as:

const cookieParser = require('cookie-parser');
app.use(cookieParser());

edited May 28 '20 at 15:36

Sumit

2,189
7
32
50

answered Apr 25 '13 at 08:09

robertklep

198,204
35
394
381

also i have one more question how can i check whether the cokkie is existing or not before setting the cookie – sachin Apr 25 '13 at 08:19
1

I edited my answer to show you how to check if the cookie is already set. – robertklep Apr 25 '13 at 08:24
now its working fine but i'm getting the log 8 times.it means that same code is running 8 times. cookie exists 7885156760457903 cookie exists 7885156760457903 cookie exists 7885156760457903 cookie exists 7885156760457903 cookie exists 7885156760457903 cookie exists 7885156760457903 cookie exists 7885156760457903 – sachin Apr 25 '13 at 08:29
1

You probably have some JS and/or CSS files on your page. Those will be handled by `express.static`, which will handle them *after* your middleware. So for each JS or CSS file, the code will be called. – robertklep Apr 25 '13 at 08:31
yes u r correct i have css and js files...how to resolve this one. – sachin Apr 25 '13 at 08:35
Well, what's the problem exactly? – robertklep Apr 25 '13 at 08:39
setting cookie value is executing 8 times.i don't know how to resolve this. – sachin Apr 25 '13 at 09:02
1

It doesn't set the cookie 8 times, it says the cookie already exists. Which is to be expected. – robertklep Apr 25 '13 at 09:06
24

Note that cookie parser should now be installed separately. See https://www.npmjs.com/package/cookie-parser – Joshua Aug 27 '16 at 16:08
```Error: Most middleware (like cookieParser) is no longer bundled with Express and must be installed separately. Please see https://github.com/senchalabs/connect#middleware.``` – kwoxer Mar 19 '21 at 10:36
Good ;) Just wanted to let you know. Thanks for updating. – kwoxer Mar 19 '21 at 11:01

score 204 · Answer 2 · edited Nov 27 '17 at 00:57

204

Set Cookie?

res.cookie('cookieName', 'cookieValue')

Read Cookie?

req.cookies

Demo

const express('express')
    , cookieParser = require('cookie-parser'); // in order to read cookie sent from client

app.get('/', (req,res)=>{

    // read cookies
    console.log(req.cookies) 

    let options = {
        maxAge: 1000 * 60 * 15, // would expire after 15 minutes
        httpOnly: true, // The cookie only accessible by the web server
        signed: true // Indicates if the cookie should be signed
    }

    // Set cookie
    res.cookie('cookieName', 'cookieValue', options) // options is optional
    res.send('')

})

edited Nov 27 '17 at 00:57

golopot

10,726
6
37
51

answered Oct 19 '16 at 14:59

Wayne Chiu

5,830
2
22
19

1

hi, could you say what is signed: true? – titoih Apr 11 '20 at 18:20
1

if you have advised to set cookie as sign, it's important to note that req.cookie will return empty. You can only retrieve signed cookie from req.signedCookies – Someone Special May 19 '20 at 12:44
5

You need to add this as well: `const app = express() app.use(cookieParser())` – Anton Matiash Jan 16 '21 at 19:11
@Wayne Chiu this was not working with Safari browser, can you please help me for this – Apurv Chaudhary Jun 01 '22 at 08:38
is there a way to set the cookie without having to use `res.cookie`? – Alex Antoine Sep 23 '22 at 02:12

score 59 · Answer 3 · edited Nov 18 '21 at 10:24

Not exactly answering your question, but I came across your question, while looking for an answer to an issue that I had. Maybe it will help somebody else.

My issue was that cookies were set in server response, but were not saved by the browser.

The server response came back with cookies set:

Set-Cookie:my_cookie=HelloWorld; Path=/; Expires=Wed, 15 Mar 2017 15:59:59 GMT

This is how I solved it.

I used fetch in the client-side code. If you do not specify credentials: 'include' in the fetch options, cookies are neither sent to server nor saved by the browser, even though the server response sets cookies.

Example:

var headers = new Headers();
headers.append('Content-Type', 'application/json');
headers.append('Accept', 'application/json');

return fetch('/your/server_endpoint', {
    method: 'POST',
    mode: 'same-origin',
    redirect: 'follow',
    credentials: 'include', // Don't forget to specify this if you need cookies
    headers: headers,
    body: JSON.stringify({
        first_name: 'John',
        last_name: 'Doe'
    })
})

I have inspected my post request in browser but this field is not going with the post request? — Sunil Garg, Nov 03 '17 at 11:22

score 33 · Answer 4 · answered Jul 03 '17 at 22:00

33

Set a cookie:

res.cookie('cookie', 'monster')

https://expressjs.com/en/4x/api.html#res.cookie

Read a cookie:
(using cookie-parser middleware)

req.cookies['cookie']

https://expressjs.com/en/4x/api.html#req.cookies

answered Jul 03 '17 at 22:00

spencer.sm

19,173
10
77
88

score 18 · Answer 5 · edited May 04 '21 at 14:01

18

Setting cookie in the express is easy

first install cookie-parser

npm install cookie-parser

using middleware

const cookieParser = require('cookie-parser');
app.use(cookieParser());

Set cookie know more

res.cookie('cookieName', '1', { expires: new Date(Date.now() + 900000), httpOnly: true })

Accessing that cookie know more

console.dir(req.cookies.cookieName)

Done!

edited May 04 '21 at 14:01

Jaysmito Mukherjee

1,467
2
10
29

answered Feb 10 '21 at 23:16

MD SHAYON

7,001
45
38

oriel9p · Answer 6 · 2022-05-07T07:00:01.283

setting a cookie can be done as such:

res.cookie('cookie name', 'cookie value', [options])

where cookie_name is the name(String) of the cookie you wish to set, for example - "token", and the cookie value is the value(String) you wish to store in the said cookie. as far as options go, you can read more about them here: https://expressjs.com/en/api.html

one example of an option is 'maxAge' which indicates how long a cookie is valid, this is used for example when assigning an authentication token and you wish to limit the time a user can stay logged in before having to re-login.

Reading a cookie can be done as such:
```
 req.cookies['cookie name']
```

which will return the value of the cookie.

This works only if ['cookie-parser'](https://www.npmjs.com/package/cookie-parser) package is installed and added as a middleware. — sanjarcode, Aug 07 '23 at 18:41

score 3 · Answer 7 · answered Nov 09 '22 at 01:55

If you have a problem with setting multiple cookies for one request

Try this way:

res.setHeader('Set-Cookie', [
    `accessToken=${accessToken}; HttpOnly; Path=/; Max-Age=${60 * 60}; Secure=True;`,
    `refreshToken=${refreshToken}; HttpOnly; Path=/; Max-Age=${60 * 60 * 24 * 7 * 2}; Secure=True;`
]);

score 2 · Answer 8 · answered Feb 01 '22 at 09:54

Isomorphic Read cookie helper:

function getCookieValue(cookieName = '', cookie = '') {
  const matches = cookie.match(`(^|[^;]+)\\s*${cookieName}\\s*=\\s*([^;]+)`)
  return matches ? matches.pop() : ''
}

// Node with express:
getCookieValue('cookieName', req.headers.cookie)

// Browser:
getCookieValue('cookieName', document.cookie)

Write in Node with express:

res.cookie('cookieName', 'cookieValue')

Write in the browser:

function setCookie(
  cname,
  cvalue,
  exdays = 100 * 365 /* 100 days */
) {
  const now = new Date()
  const expireMs = exdays * 24 * 60 * 60 * 1000
  now.setTime(now.getTime() + expireMs)

  document.cookie = `${cname}=${cvalue};expires=${now.toUTCString()};path=/`
}

// Example of usage
setCookie('cookieName', 'cookieValue')

res.cookie wasn't working somehow in my POST request. Probably because I'm sending JSON strings back, not using res.send. Handling it client-side in JavaScript before issuing the request was a quick hack that worked for me (in this specific case). Thanks! — Luc Bloom, Jun 07 '22 at 12:04

krishnA tiwari · Answer 9 · 2023-03-09T09:45:11.447

I think this might help you. I got the same problem while sending request from axios and show error about credentials and something like that. For that you have to use cors() in the backend with corsoptions as

npm i cors;

after cors has been successfully installed. Import in main server.js file

const cors = require('cors');

and after that use cors middleware before routing . In express it matters where you put the middleware. so put cors at above of routing.

var corsoption={
origin:"http://localhost:3000", //origin from where you requesting
credentials:true
}
//using cors
app.use(cors(corsoption));

only after setting these options send cookie as response it will set cookie on browser correctly and allow cross origin with credentials. NOTE: IF YOU WANT TO PARSE COOKIE ON BACKEND WE NEED TO INSTALL

Cookie-parser

to parse the cookie from browser request.

How can I set cookie in node js using express framework?

9 Answers9

Linked

Related