Open In App

Difference between req.cookies and req.signedCookies in Express.js

Last Updated : 25 Aug, 2023
Improve
Improve
Like Article
Like
Save
Share
Report

req.cookies: Request. Cookies are supposed to be cookies that come from the client (browser) and Response. Cookies are cookies that will send back to the client (browser). Cookies are small files/data that are sent to the client with a server request and stored on the client side. This helps us to keep track of the user’s actions.

Cookie-parser is a middleware that parses cookies attached to the client request object. When we use cookie-parser middleware then this property is an object that contains cookies sent by the request. If the request contains no cookies, it defaults to { }.

Example:

Javascript




const cookieParser = require('cookie-parser'); 
const express = require('express'); 
const app = express(); 
const PORT = 3000; 
  
app.use(cookieParser()); 
  
app.get('/user', function (req, res) { 
    req.cookies.name='Gourav'
    req.cookies.age=12; 
  
    console.log(req.cookies); 
    res.send(); 
}); 
  
app.listen(PORT, function(err){ 
    if (err) console.log(err); 
    console.log("Server listening on PORT", PORT); 
});


Output: Now open your browser and make a GET request to http://localhost:3000/user, now you can see the following output on your console:

Server listening on PORT 3000
[Object: null prototype] { name: 'Gourav', age: 12 }

req.signedCookies: The req.signedCookies property contains signed cookies sent by the request, unsigned, and ready for use when using cookie-parser middleware. Signing a cookie does not make it hidden or encrypted but simply prevents tampering with the cookie. It works by creating a HMAC of the value (current cookie), and base64 encoded it. When the cookie gets read, it recalculates the signature and makes sure that it matches the signature attached to it.If it does not match, then it gives an error. If no signed cookies are sent then the property defaults to { }.

Example:

Javascript




const cookieParser = require('cookie-parser'); 
const express = require('express'); 
const app = express(); 
const PORT = 3000; 
  
app.use(cookieParser()); 
  
app.get('/user', function (req, res) { 
  
    // Setting multiple cookies 
    req.signedCookies.title='Gourav'
    req.signedCookies.age=12; 
  
    console.log(req.signedCookies); 
    res.send(); 
}); 
  
app.listen(PORT, function(err){ 
    if (err) console.log(err); 
    console.log("Server listening on PORT", PORT); 
});


Output: Now open your browser and make a GET request to http://localhost:3000/user, now you can see the following output on your console:

Server listening on PORT 3000
[Object: null prototype] { title: 'Gourav', age: 12 }

Difference between req.cookies and req.signedCookies – 

                       req.cookies                            req.signedCookies
We cannot identify if the data being returned to the cookie is modified by the client or not.  We use a signed cookie if we want assurance that the data being returned to the cookie has not been modified by the client.
If the request contains no cookies, it defaults to { }. If no signed cookies are sent then this property defaults to { }.
The server cannot detect if the cookies are changed by the client. The server can detect if the cookies are changed by the client.
No case of adding a signature to the cookie. A signature is added as part of the cookie along with the actual cookie data. The signature is derived from the cookie data and from a secret that is known only to the server.


Similar Reads

Express.js req.signedCookies Property
The req.signedCookies property contains signed cookies sent by the request, unsigned, and ready for use when using cookie-parser middleware. Syntax: req.signedCookies Parameter: No parameter Return Value: Object Installation of the express module: You can visit the link to Install the express module. You can install this package by using this comma
2 min read
Difference between req.query and req.params in Express
In this article, we will learn about the req.query and req.params and we will also learn the difference between them. Table of Content req.query: Dealing with URL Stuffreq.params: Figuring Out Route ThingsDifference between req.query and req.params in Express.jsreq.query: Dealing with URL Stuff:Where the Data Comes From: It's from the extra bits at
3 min read
Express.js req.cookies Property
The req.cookies property is used when the user is using cookie-parser middleware. This property is an object that contains cookies sent by the request. Syntax: req.cookies Parameter: No parameters. Return Value: Object Installation of the express module: You can visit the link to Install the express module. You can install this package by using thi
2 min read
Why are HTTP cookies used by Node.js for sending and receiving HTTP cookies?
The HTTP protocol is one of the most important protocols of the Application layer of the OSI model. The main use of this protocol is for sending hypertext information to the client to the server and server to the client to communicate on the World Wide Web. But, the HTTP protocol is a stateless protocol which means that this protocol cannot maintai
5 min read
Difference between sessions and cookies in Express
Express.js is a popular framework for Node.js, that is used to create web applications. It provides tools to manage user sessions and cookies. The session and cookies are used to maintain the state and manage user authentication. In this article, we will learn about what sessions and cookies in Express and their differences. Table of Content Cookie
4 min read
Express Cookie-Parser - Signed and Unsigned Cookies
A cookie is a piece of data that is sent to the client-side with a request and is stored on the client-side itself by the Web Browser the user is currently using. With the help of cookies - It is easy for websites to remember the user's information It is easy to capture the user's browsing history It is also useful in storing the user's sessions Th
5 min read
How to manage sessions and cookies in Express JS?
Express is a small framework that sits on top of NodeJS web server functionality to simplify its APIs and add helpful new features. It makes it easier to organize your application’s functionality with middleware and routing. It adds helpful utilities to NodeJS HTTP objects, it helps the rendering of dynamic HTTP objects. Express is a part of MEAN s
4 min read
Explain the use of req and res objects in Express JS
Express JS is used to build RESTful APIs with Node.js. We have a 'req' (request) object in Express JS which is used to represent the incoming HTTP request that consists of data like parameters, query strings, and also the request body. Along with this, we have 'res' (response) which is used to send the HTTP response to the client which allows the m
3 min read
How to manipulate cookies by using ‘Response.cookie()’ in Express?
Cookies are small data that is stored on the client's computer. Using this cookie various tasks like authentication, session management, etc can be done. In Express JS we can use the cookie-parser middleware to manage the cookies in the application. In this article, we going to manipulate cookies in Express JS by using the two scenarios/approaches
3 min read
Express.js req.acceptsEncodings() Function
The req.acceptsEncodings() function returns the first accepted encoding of the specified encodings on the basis of the request Accept-Encoding HTTP header field and it returns false if none of the specified encodings is accepted. Syntax: req.acceptsEncodings(encoding [, ...]) Parameters: The encoding parameter is the specified encoding like 'compre
2 min read