What are cookies in node? how to use?

The content of this article is about what are cookies in node? how to use? It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

Why do we need cookies

We know that http is a stateless protocol. What does stateless mean?
Let me give a small example to illustrate: For example, Xiao Ming is shopping online. He browses multiple pages and purchases some items. These requests are completed in multiple connections. If no additional means are used, the server cannot We know exactly what he purchased, because the server simply doesn’t know whether the person requesting each time is Xiao Ming, unless Xiao Ming has a identification to prove that he is Xiao Ming.

So, in order to identify the user's identity and perform session tracking, cookies appear.

What is a cookie

Simply put, a cookie is an identifier.
Strictly speaking, a cookie is some information stored on the client. It is submitted by the browser to the server every time it is connected, and the server also initiates a request to the browser to store the cookie, relying on this method. , the server can identify the client.
Specifically, when the browser initiates a request to the server for the first time, the server will generate a unique identifier and send it to the client browser. The browser will store this unique identifier in Cookie. In each request initiated, the client browser transmits this unique identifier to the server, and the server uses this unique identifier to identify the user.

Having said so much, open the browser and let’s take a look at this product first.

In the picture above, it is a cookie stored in the browser. Its name is name and its value is abc.

Regular cookie

It’s not enough to just look at it. Next, let’s use node to make a regular cookie.
First, install the express framework and cookieParser middleware

npm i express --save
npm install cookie-parser --save

The main uses of cookieParser middleware are as follows:

1. Parse cookies from the browser and put them in req. In cookies;

2. For signed cookies, sign and unsign cookies

The code is as follows:

var express = require('express');
var cookieParser = require('cookie-parser');

var app = express();
app.use(cookieParser());

app.use(function (req, res) {
  if (req.url === '/favicon.ico') {
    return
  }

  // 设置常规cookie, 有效期为20s, 客户端脚本不能访问它的值
  res.cookie('name', 'abc', { signed: false, maxAge: 20 * 1000, httpOnly: true });
  console.log(req.cookies, req.url, req.signedCookies);

  res.end('hello cookie');
})

app.listen(4000)

After running, Open http://localhost:4000/
in the browser. Taking chrome as an example, open the browser debugging tool with f12, and you can find the cookie you defined among the cookies in the application.
The req.cookies and req.signedCookies attributes are the parsing results of the cookies in the request header sent with the http request.
Among them, req.cookies corresponds to ordinary cookies, and req.signedCookies corresponds to signed cookies.
If there is no cookie in the request, both objects will be empty.

Signed cookie

Signed cookie is more suitable for sensitive data, because it can verify the integrity of the cookie data and help prevent man-in-the-middle attacks.
Valid signed cookies are placed in the req.signedCookies object.

The code is as follows:

var express = require('express');
var cookieParser = require('cookie-parser');

var app = express();

// 设置密钥，用来对cookie签名和解签, Express可以由此确定cookie的内容是否被篡改过
app.use(cookieParser('a cool secret'));

app.use(function (req, res) {
  if (req.url === '/favicon.ico') {
    return
  }

  // 设置签名cookie, 并且有效期为1min
  res.cookie('name', 'efg', { signed: true, maxAge: 60 * 1000, httpOnly: true });
  console.log(req.cookies, req.url, req.signedCookies);

  res.end('signed cookie');
})
app.listen(4000)

After running, open http://localhost:4000/
Take chrome as an example, f12 to open the browser debugging tool, in the application You can find the signed cookie you defined in the cookies, the format is as follows: s:efg.7FJDuO2E9LMyby6+o1fGQ3wkIHGB9v1CDVWod8NQVAo
. The left side of the number is the value of the cookie, and the right side is the encrypted hash value generated by SHA-1 HMAC on the server.
If the value of this signed cookie is tampered with, the decryption of the cookie on the server will fail, and the req.signedCookies output in the node will be false. As follows:

And if the cookie is passed intact, it will be parsed correctly:

Summary

You can store any type of text data in a cookie, but usually a session cookie is stored on the client side so that you can Preserve full user state on the server side.

Related recommendations:

Detailed explanation of Promise in jQuery, Angular, and node

##How to use the cluster cluster in node

The above is the detailed content of What are cookies in node? how to use?. For more information, please follow other related articles on the PHP Chinese website!