cookieParser.signedCookie seems to not work properly #48
Comments
Somewhere in your code the value you are trying to unsign has been truncated. The value you're showing starts with |
You can see in the last screenshots you provided, the |
Taking the cookie from the last screenshot (please if you could send as text, as it took a really long time to type it out correctly :) ), here is the flow of unsigning the cookie, as an example:
Basically: (1) Parse the cookie header and get |
@dougwilson You're totally right. The first screenshot is the result of my last attempt to understand why I can't decode the signed cookie. I was trying to remove some characters at the beginning of the original string, thinking it would somehow resolve my issue. But I forgot to put back the original string when I created this issue. But I can assure you there was an 's' character at the beginning of the string. It's a simple forgetfulness. My bad. But the last screenshot, like you said (sorry, I will send a text string with it next time :-) I understand it can take a while to type it correctly), is a perfect example of why it looks to not work properly. But when I use the "cookie" package with the "cookie-parser" package, it looks to work as expected. So thank you very much for your answer and your help. I guess the "cookie" package was what I was missing to resolve my issue.
Nowadays you need to decode the cookie value using
Because it doesn't decode itself inside the function, now they just check if it starts with 'j:' or 's:' (before, when this issue was created, it required an encodedURI and it would check if it starts with 'j%3A', for JSONCookie, or 's%3A', for signedCookie, and then both of these functions would decode the input to continue their codes).

These prints are from the actual expressjs/cookie-parser source code.

Conclusion:

Example:

```js
var cookieParser = require('cookie-parser')

// FROM res.cookie('bbbbb', 'ccc', {signed: true})
const signedCookieValue = 's%3Accc.4qKyaFIB4mq9fpZViqe1L1hiHbbGfRTZDZHhFtTvI10'
// RESULT s:ccc.4qKyaFIB4mq9fpZViqe1L1hiHbbGfRTZDZHhFtTvI10
const decodedSignedCookieValue = decodeURIComponent(signedCookieValue)

// CORRECT WAY
cookieParser.signedCookie(decodedSignedCookieValue, 'SECRET') // RESULT ccc

// INCORRECT WAY
cookieParser.signedCookie(signedCookieValue, 'SECRET') // RESULT s%3Accc.4qKyaFIB4mq9fpZViqe1L1hiHbbGfRTZDZHhFtTvI10
```
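The flow discussed in the comments above (parse the Cookie header, URI-decode the value, check the `s:` prefix, verify the signature), written out with Node's built-in `crypto` as an added example; it is not code from this thread or from cookie-parser. The signature format (base64 HMAC-SHA256 with padding stripped), the cookie name `sid`, the secret and the sample header are assumptions constructed for the example, and the explicit `status` field is this example's own way of keeping "not signed" apart from "verified".

```javascript
const crypto = require('crypto');

// Assumed signature format (as in the cookie-signature package):
// base64 HMAC-SHA256 of the value, trailing '=' padding stripped.
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
}

// Step 1: find one cookie in a raw Cookie header and URI-decode its value.
function readCookie(header, name) {
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1 || part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    try { return decodeURIComponent(raw); } catch (e) { return raw; }
  }
  return undefined;
}

// Steps 2-3: require the 's:' prefix, then check the HMAC in constant time.
// Unlike a pass-through return, the status makes "not signed" explicit.
function unsign(decoded, secret) {
  if (typeof decoded !== 'string') return { status: 'missing' };
  if (!decoded.startsWith('s:')) return { status: 'unsigned', value: decoded };
  const body = decoded.slice(2);
  const dot = body.lastIndexOf('.');
  if (dot === -1) return { status: 'invalid' };
  const value = body.slice(0, dot);
  const given = Buffer.from(body.slice(dot + 1));
  const expected = Buffer.from(mac(value, secret));
  const ok = given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
  return ok ? { status: 'valid', value } : { status: 'invalid' };
}

// Constructed sample data: placeholder secret, hypothetical cookie name "sid".
const SECRET = 'example-secret';
const wire = encodeURIComponent('s:sess123.' + mac('sess123', SECRET));
const header = 'theme=dark; sid=' + wire;

function demo() {
  return {
    decoded: unsign(readCookie(header, 'sid'), SECRET),
    stillEncoded: unsign(wire, SECRET), // 's%3A...' lacks the 's:' prefix
    wrongSecret: unsign(readCookie(header, 'sid'), 'other-secret'),
  };
}
console.log(demo());
```

A caller that only accepts `status === 'valid'` cannot mistake a still-encoded or never-signed value for a verified session ID.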
Hello everyone. I'm trying to "decode" a signed cookie I receive in a websocket session. First, here is how I set up my express session with cookie-parser:
static.ts file
Somewhere in my code, when I receive a websocket connection, I'm able to get the signed cookie. But I want to decode it in order to have the session ID stored inside.
This is what I'm trying to do:
As you can see, I'm using the same secret password with "signedCookie" as in the cookieParser initialization. The result of signedCookie returns every time the same string as the signed cookie (temp3 value in my current example). And according to your documentation:
it kinda says that the signature is invalid or something like that. Is it possible that I'm missing something in my approach? In my database where the cookie is stored, I can see the decoded cookie (i.e. the session ID). So I guess that something looks wrong with the "signedCookie" function (or maybe with my approach).
You can see below what I have in my request parameter.
Also, below, you can see what I observe when I'm trying to use the signedCookie function. The output of this function is the same as the input (signedSession). And the secret is the same as in the cookie-parser configuration.
Here is what I have in my webSocketSingleton.ts file
import * as cookieParser from 'cookie-parser';
Here is what I observe when using the signedCookie function
Here is the content of the "req" parameter
Can you please help me to resolve this issue? Thank you in advance for your answer.