4

When using the cookie-parser and express-session with Express 4, I can put the "secret" in either the cookie-parser or the express-session. Is there any recommendations whats right here?

It seems that if I put the secret in the cookie-parser, the coockie end up in req.signedCookies ...and if I put the secret in the express-session, the coockie end up in req.cookies.

Anders Östman
  • 3,702
  • 4
  • 26
  • 48
  • As far as `req.signedCookies` is concerned, a signed cookie will be placed in `req.signedCookies` so there is no ambiguity between `req.cookies` and `req.signedCookies`. The community seems to favor the secret being placed in `express-session`. I do not think there is an underlying difference whether it is placed in `express-session` of `cookie-parser`, as long as the middleware order is correct. – Michael Jun 09 '14 at 21:25
  • 3
    Possible duplicate of [when should I use cookie-parser with express-session?](http://stackoverflow.com/questions/27961320/when-should-i-use-cookie-parser-with-express-session) – Overdrivr Jul 28 '16 at 07:39

0 Answers0