res.cookie is undefined with connect 3

[imrefazekas]

Dear All,

I just switched to connect 3 and i have an issue, hoped you can help me out.

var connect = require('connect'),
cookieParser = require('cookie-parser'),
cookieSession = require('cookie-session'),
csrf = require('csurf')
...
var app = connect()
    .use( cookieParser( process.env.SEC_SESSION_PASS || global.config.server.session.hashSecret ) )
    .use( cookieSession( {
        name:  text'.sid',
        secret: 'secret',
        cookie: { httpOnly: true }
    } ) )
    .use( csrf( { cookie: { key: 'XSRF-TOKEN', httpOnly: true } } ) )
...

And to all request I send I received this:

/.../node_modules/csurf/index.js:65
    res.cookie(cookieKey, secret, cookie);
        ^
TypeError: undefined is not a function
    at /.../node_modules/csurf/index.js:65:13
    at Object.ondone (/.../node_modules/csurf/node_modules/csrf-tokens/node_modules/uid-safe/index.js:13:7)

All packages are the latest ones available in NPMJS.

Tanks in advance!

[dougwilson]

Thanks. connect 3 no longer adds any patches to res, which is why there is no res.cookie any longer. I'll fix this module to not rely on that patch existing is all.

[imrefazekas]

Thanks, that would be great!

[dougwilson]

Just as an update here, the integration with res.cookies in express is not easy to get rid of, especially with the implicit cookie signing. For now, session-based tokens should work fine, but untangling the res.cookie dependence is still to be done.