I've setup a cookie with ctx.cookie.set('jwt', 'abcd', { expires: new Date(xxx) }), but now I need to grab that cookie again and get it's expiry date, how can I do that?
All the options I can see for ctx.cookie.get('jwt') only get the value of the cookie, not any of its options.
There is no way to view the expiration date of a cookie. It simply will not exist in the cookies collection once it has expired. If you truly require the specific date of expiration, you could store it in a separate cookie.
Related
I want to expire session when the browser is closed.
I'm using res.cookie('testlocale', 'en', { maxAge: 900000, httpOnly: true });
Also which event should i use in front end(onbeforeunload or onunlod)
I'm not able to understand how to do this. I'm using handlebars in front-end
If you use express-session.
You can set expires: false.
req.session.cookie
Each session has a unique cookie object accompany it. This allows you to alter the session cookie per visitor. For example we can set req.session.cookie.expires to false to enable the cookie to remain for only the duration of the user-agent.
From docs
If you want to manually delete cookies on frontend, I think both are good fit. But I'm not sure it's good idea.
How can I set a cookie that is not removed when the browser is closed?
The docs of res.cookie show option parameters you can pass to the method but I haven't been able to find a configuration that makes the cookie persist after closing the browser.
res.cookie('name', 'spence', { expires: 0 });
Simply set the expires parameter to some value in the future and the cookie will persist. I was getting hung up in the docs because what I thought I wanted was a "session cookie" but like its name implies, a session cookie only lasts for the duration of the browser session.
While it isn't possible to have a cookie to persist indefinitely, you can essentially do the same thing by setting the cookie to expire on some date far in the future.
var farFuture = new Date(new Date().getTime() + (1000*60*60*24*365*10)); // ~10y
res.cookie('name', 'spence', { expires: farFuture });
I have an Express 4.x app, and I pass a cookie to the browser with
res.cookie('foo','bar1', {maxAge:99999999999});
it expires in the distant future. However, 5 minutes later, I get another request from the same user, and I want to give them a new cookie.
res.cookie('foo','bar2', {maxAge:99999999999});
From my debugging, it looks like the new cookie doesn't overwrite the old cookie? Is that the case? How can I update/overwrite the old cookie with the new one?
I am about 99% certain that using the {overwrite: true} property will do the trick - from here:
https://www.npmjs.com/package/cookies
it says:
cookies.set( name, [ value ], [ options ] ) This sets the given cookie
in the response and returns the current context to allow chaining.
If the value is omitted, an outbound header with an expired date is
used to delete the cookie.
If the options object is provided, it will be used to generate the
outbound cookie header as follows:
maxAge: a number representing the milliseconds from Date.now() for
expiry expires: a Date object indicating the cookie's expiration date
(expires at the end of session by default). ... overwrite: a boolean
indicating whether to overwrite previously set cookies of the same
name (false by default). If this is true, all cookies set during the
same request with the same name (regardless of path or domain) are
filtered out of the Set-Cookie header when setting this cookie.
So that would be, in Node.js Express parlance:
res.cookie('cdt_app_token', encoded, {maxAge: 90000000, httpOnly: true, secure: false, overwrite: true});
Note that if you are using a non SSL or non TLS connection, cookies may not work if secure is true.
I'm on NodeJS, Express app i am using cookies for some features of my app. I need to set cookie life to one month.
For this very purpose i've set cookie maxAge to days*hoursPerDay*minutesPerHour*secondsPerMinute*1000 to achieve one month time 30*24*60*60*1000 = 2592000000.
Yet in browser expiry of my cookies is near 10 hours.
What am i missing, my calculations are wrong? or I am using wrong attribute(maxAge)?
Also what is the difference between maxAge and expiry attribute of cookies?
As far as i know, maxAge wont save in cookie's specifications.
As Don't trust Cookie setMaxAge demonstrated, The mechanism of maxAge works like Change/manipulate expiration date of cookie (based on SERVER_SIDE) but browser checks cookie's expiration date, based on CLIENT_SIDE.
From my point of view, This is misbehavior. Because in order to make max-age work as expected, both client/server DateTime should be synchronized.
maxAge should be set in milliseconds ( i was wrong, as i referred to client part)
https://developer.mozilla.org/en-US/docs/Web/API/document.cookie
are you setting coolie like below?
res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
http://expressjs.com/api.html#res.cookie
Everything I can find on Express Sessions expiring times is about setting the cookie.
session.cookie.expires = null; // Browser session cookie
session.cookie.expires = 7 * 24 * 3600 * 1000; // Week long cookie
But the expire date of cookies is not 'secured' with your secret, as these are just cookie settings your browser manages.
How can I set the expire date of the session in the session store? Because theoretically, when someone uses your computer, they can 'fix' the expiration time of an expired cookie and continue the session, if the server side session isn't also expired at the same time as the cookie.
I can't find anything about how this works or how to set/change this.
With the Session middleware, only the encrypted session ID is stored in the client side cookie. The expired date is stored as req.session.cookie.expires in the server side store. So we can add a custom middle to check whether current session is expired.
// ...
app.use(express.cookieParser());
app.use(express.session({secret:'yoursecret', cookie:{maxAge:6000}}));
app.use(function(req, res, next) {
// if now() is after `req.session.cookie.expires`
// regenerate the session
next();
});
// ...
I wrote the solution today as the project needed that.
Here it is:
https://github.com/expressjs/session/issues/173
There are instructions there.