Why are HTTP cookies used by Node.js for sending and receiving HTTP cookies?
The HTTP protocol is one of the most important protocols of the Application layer of the OSI model. The main use of this protocol is for sending hypertext information to the client to the server and server to the client to communicate on the World Wide Web. But, the HTTP protocol is a stateless protocol which means that this protocol cannot maintain the past requests of any particular client to the server. It means we have to repeatedly authorize requests in order to move forward to the next page in a web application.
How do we overcome this problem?
What is a cookie?
A cookie in simpler terms is just textual information about some website. When you visit a particular website, some information is saved in your local system so that when you visit the same website again, this website is able to recognize you and show you the results according to your preferences. Cookies have been long used in internet history.
Example: When you visit a website you actually request the web page from the server. For a server, every request is a unique request. So if you visit a hundred times, the server will consider each and every request unique. Since the intensity of requests that arrive at a server is high, it is obvious and logical not to store all user’s information on the server. What if you never visit this website again? This information would be redundant. So, to uniquely remember you, the server sends the cookies along with the response which is saved in your local machine. Now the next time you hit the same server, you will get response according to your preferences, as the server will recognize you.
This cookie is unique to every server (some exceptions exist today because of advertisements). So you might have many cookies in your system, but a server will recognize its own cookie and can analyze it for you.
HTTP Cookies: Using HTTP Cookies is one of the simple solutions to the problem. There are so many types of cookies used for smooth communication between the server and the client. The most commonly used cookie is a Session cookie.
Session cookies: These cookies are stored in temporary memory and valid up to the particular session till the user surfing on a particular website then the browser also provides us choose whether we want to store these cookies or not. Session cookies mostly used in e-commerce websites in order to track our order list of items without session cookies our shopping cart will always empty after surfing a new page of a particular e-commerce website. That’s why different HTTP cookies used during surfing on the internet in order to track our past requests.
How do Node.js Send and Receive cookies?
Express.js Framework uses middleware so that many requests can be handled easily. Similarly, Express.js supports the feature of parsing the incoming requests using middleware. When a new client makes a request for authorization after successfully filling the credentials, a response header containing signed cookies is sent to the client that contains all the information in the signed format and a cookie is generated for the particular session on the client-side.
When the client makes a request for the second time, the request contains a signed cookie that has all the past accepted request information of that session. Node.js server parses this signed cookie using the signed key and checks whether the cookie is present for this session or not. If it exists, it accepts the incoming requests otherwise rejects all incoming requests.
user=s%3Aadmin.MCnksbOc3nP5tXVflBq94MPEzyEd6yXYTwl9kT1as%2B0; Path=/; Domain=localhost;
Installing Modules: Install express and cookie-parser module using the following command:
npm install express.js npm install cookie-parser
Project Structure: It will look like the following:
Run index.js file using the following command:
- Open any browser with http://localhost:3000 location in a private window( in order to avoid a saved password and username). A pop will occur near the address bar. Fill in the username and password that are mention in the code.
- If the entered username and password match the condition, then the mention location index.html will render on the browser as shown below:
Response Header by the server:
Generated cookies on the client-side: