Nodejs: Correct way to return non-HTML data to browser?

Question

User JWT sent to the browser as an HTTP-only cookie. My question is, what is the best way to communicate the display name and user database ID, etc. to the browser?

I know that information can and does be set in the JWT payload, but isn't it best practice to make that cookie (JWT) unavailable to client-side JavaScript?

I can think of two ways - setting custom response headers, or sending the data as JSON in a

P粉642436282

reply

reply all(1)

I'll reply Close

P粉2758839732023-09-16 12:51:57 1 floor

Multiple cookies can be sent to the browser, and they can optionally be marked as HTTP Only, as shown below. Additionally, your server can send data/JSON in response to your browser XHR/Fetch requests.

let cookieArray = [];
cookieArray.push(`displayName=${displayName}`);
cookieArray.push(`id=${id}`);
cookieArray.push(`email=${email}`);
cookieArray.push(`token=${cookie}; HttpOnly`);
response.setHeader('Set-Cookie', cookieArray);

result:

Like +0

Add Reply 关闭回复

P粉642436282

reply

Answer 1

Multiple cookies can be sent to the browser, and they can optionally be marked as HTTP Only, as shown below. Additionally, your server can send data/JSON in response to your browser XHR/Fetch requests.

let cookieArray = [];
cookieArray.push(`displayName=${displayName}`);
cookieArray.push(`id=${id}`);
cookieArray.push(`email=${email}`);
cookieArray.push(`token=${cookie}; HttpOnly`);
response.setHeader('Set-Cookie', cookieArray);

result: