req.cookies and req.signedCookies in Express.js

Last modified: 2021-09-15 01:06:24             Author: Mango

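req.cookies: Request cookies are the cookies that come from the client (browser), while response cookies are the cookies that will be sent back to the client (browser). Cookies are small files/pieces of data that are sent to the client with a server request and stored on the client side. This helps us keep track of the user's actions.

cookie-parser is a middleware that parses the cookies attached to the client request object. When the cookie-parser middleware is in use, this property is an object that contains the cookies sent by the request. If the request contains no cookies, it defaults to { }.

Example: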

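Javascript
var cookieParser = require('cookie-parser');
var express = require('express');
var app = express();
var PORT = 3000;

// Parse the Cookie header and populate req.cookies
app.use(cookieParser());

app.get('/user', function (req, res) {
    // These assignments only change the parsed object for this request;
    // they do not send a cookie to the browser (res.cookie() does that).
    req.cookies.name = 'Gourav';
    req.cookies.age = 12;

    console.log(req.cookies);
    res.send();
});

app.listen(PORT, function (err) {
    if (err) console.log(err);
    console.log("Server listening on PORT", PORT);
});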


Output: Open a browser and make a GET request to http://localhost:3000/user; you can then see the following output on the console:

Server listening on PORT 3000
[Object: null prototype] { name: 'Gourav', age: 12 }

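req.signedCookies: The req.signedCookies property contains the signed cookies sent by the request, unsigned and ready for use, when the cookie-parser middleware is in use. Signing a cookie does not hide or encrypt it; it only prevents tampering with the cookie. It works by creating an HMAC of the value (the current cookie) and base64-encoding it. When the cookie is read, the signature is recalculated and checked against the signature attached to the cookie. If it does not match, it gives an error. If no signed cookies are sent, the property defaults to { }.

Example: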

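Javascript

var cookieParser = require('cookie-parser');
var express = require('express');
var app = express();
var PORT = 3000;

// cookie-parser verifies signed cookies only when it is given a secret;
// COOKIE_SECRET is a placeholder environment variable name.
app.use(cookieParser(process.env.COOKIE_SECRET));

app.get('/user', function (req, res) {

    // Assigning properties on the parsed object for this request
    // (this does not sign a cookie or send one to the browser)
    req.signedCookies.title = 'Gourav';
    req.signedCookies.age = 12;

    console.log(req.signedCookies);
    res.send();
});

app.listen(PORT, function (err) {
    if (err) console.log(err);
    console.log("Server listening on PORT", PORT);
});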

Output: Open a browser and make a GET request to http://localhost:3000/user; you can then see the following output on the console:

Server listening on PORT 3000
[Object: null prototype] { title: 'Gourav', age: 12 }
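
The signing and verification steps described above, as an added example that is not part of the original page and is not cookie-parser's own code. It uses only Node's built-in crypto module; the `s:` marker, the `value.signature` layout, the function names and the secret are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed secret for the demo; a real one comes from configuration.
const SECRET = 'constructed-demo-secret';

// HMAC-SHA256 over the value, base64-encoded, as the paragraph describes.
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value).digest('base64');
}

// Signed form: the value (still readable, not encrypted), a dot, the signature.
function signCookie(value, secret) {
  return value + '.' + mac(value, secret);
}

// Returns the original value if the signature matches, otherwise false.
function verifyCookie(signed, secret) {
  const idx = signed.lastIndexOf('.');        // base64 never contains '.'
  if (idx === -1) return false;               // no signature attached
  const value = signed.slice(0, idx);
  const given = Buffer.from(signed.slice(idx + 1));
  const expected = Buffer.from(mac(value, secret));
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return false;
  return crypto.timingSafeEqual(given, expected) ? value : false;
}

// Mirrors the split between the two properties: unsigned values are taken
// as-is, values marked as signed are accepted only if the signature verifies.
function classify(cookies, secret) {
  const plain = {}, signed = {};
  for (const [name, raw] of Object.entries(cookies)) {
    if (raw.startsWith('s:')) signed[name] = verifyCookie(raw.slice(2), secret);
    else plain[name] = raw;
  }
  return { plain, signed };
}

// Constructed sample input: one plain cookie, one validly signed cookie,
// and a copy whose value was changed after signing.
const good = 's:' + signCookie('user', SECRET);
const modified = good.replace('user', 'admin');
console.log(classify({ theme: 'dark', role: good, role2: modified }, SECRET));
```

The modified cookie keeps its old signature, so recomputing the HMAC over the new value no longer matches and the server sees `false` instead of the changed value.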

Difference between req.cookies and req.signedCookies:

| req.cookies | req.signedCookies |
| --- | --- |
| We cannot identify whether the data returned in the cookie has been modified by the client. | We use a signed cookie if we want assurance that the data returned in the cookie has not been modified by the client. |
| If the request contains no cookies, it defaults to { }. | If no signed cookies are sent, this property defaults to { }. |
| The server cannot detect if the cookies are changed by the client. | The server can detect if the cookies are changed by the client. |
| No signature is added to the cookie. | A signature is added as part of the cookie along with the actual cookie data. The signature is derived from the cookie data and from a secret that is known only to the server. |