This is a demo application for: How to use cookies in an Express NodeJS application. cookie-parser module is used for handling cookies.
-
httponlyWhen this attribute is set, client-side scripts are not allowed to access the cookie. Now, the question that arises is, 'Why do I need to safeguard my cookies from client-side scripts?'
The short answer: XSS
The long answer: Cross Site Scripting attacks can be used to steal cookies with the help of client-side scripts.
Restricting access to cookies by client-side scripts does not completely mitigate the risk of stealing cookies via XSS. However, it does raise the bar considerably and ensures that the most common XSS attack is mitigated, though not completely. -
secureThe Secure attribute makes sure that the cookie will only be sent with requests made over an encrypted connection and an attacker won't be able to steal cookies by sniffing.
-
maxAgeThis attribute is used to set persistent cookies. It signifies how long the browser should use the persistent cookie and when the cookie should be deleted.
If this attribute is not specified, then the lifetime of the cookie is the same as that of browser session, i.e. it will be a non-persistent cookie. -
expiresSame as
maxAge, but expiration date is provided instead of time to expire. -
domainThe domain attribute signifies the domain for which the cookie is valid and can be submitted with every request for this domain or its subdomains. If this attribute is not specified, then the hostname of the originating server is used as the default value.
-
pathThe path attribute signifies the URL or path for which the cookie is valid. The default path attribute is set as '/'.
Step 1: Clone the repo
git clone https://github.com/trulymittal/cookies-tasty.gitStep 2: cd into the cloned repo and run:
npm installStep 3 (optional): For installing nodemon globally.
npm install -g nodemonStep 4: Start the script by
npm startYou can fork this repo and send me a PR.
This project is licensed under the MIT License.