Comments (10)
dougwilson
commented on April 29, 2024
req.signedCookies are only populated with signed cookies that have valid signatures; if that cookie is not translated into signedCookies the signature is not valid with the secret you provided.
from cookie-parser.
devth
commented on April 29, 2024
signature is not valid with the secret you provided
What would cause that? I tried configuring with:
app.use(cookieParser('MzaP7XtPSEmbB3AiDGxkeFO1cnxr/EPsvcsLmnqG03k='))Thanks.
from cookie-parser.
dougwilson
commented on April 29, 2024
For the secret you posted, the cookie signed with it would look like this:
s:j:{"why":"ok"}.R9yq3/37iDxGKbZd+12Mt3YrMfPkPohwYh9idxiq44A
The part after the dot is the signature; as you can see the signature is very different from the one you posted, so the cookie was signed with a different secret than you are giving to this module, thus why it didn't validate.
from cookie-parser.
devth
commented on April 29, 2024
I see. I assumed writing and reading cookies was done in the same lib, and would therefore use the same secret, but it appears they are out of sync.
from cookie-parser.
dougwilson
commented on April 29, 2024
What library are you writing cookies with?
from cookie-parser.
dougwilson
commented on April 29, 2024
Nevermind, I see it is something outdated and using [email protected]; this library uses 1.0.3 (yes, I know it's weird that the change would have been a patch version, but I don't have control over it). Using an older connect/express, perhaps?
from cookie-parser.
devth
commented on April 29, 2024
express 3.1.2. There could be something weird happening in my end. We have a custom internal node stack that basically wraps express, so I don't even know how to figure out what is handling my cookies. I thought maybe it was built in to express.
from cookie-parser.
dougwilson
commented on April 29, 2024
I thought maybe it was built in to express.
It is, but express 3.1.2 is really old. To parse cookies with this library, you need express 3.2.0 or higher to write the cookies.
from cookie-parser.
devth
commented on April 29, 2024
Got it. I'll see if we can upgrade. Thanks again.
from cookie-parser.
dougwilson
commented on April 29, 2024
No problem. I was surprised how close you were to being on a supported express version, so hopefully it should be straight-forward to just jump to 3.2.0.
from cookie-parser.
Related Issues (20)
- Cookie Parser not reading signed cookies HOT 2
- Reading duplicated cookies HOT 5
- Docs on signedCookie seem to be off HOT 1
- How to sign a cookie manually? HOT 1
- create and remove cookies HOT 1
- Specific cookie kinda broken HOT 7
- cookieParser.signedCookie seems to not work properly HOT 5
- How to change/set domain, seems impossible? HOT 1
- Cookies values with "j:" prefix should not be parsed as JSON by default HOT 4
- signedCookie is unlikely to be used correctly HOT 1
- How do I clear the cookie(s)? HOT 1
- Inaccurate docs about JSONCookie, JSONCookies, signedCookie and signedCookies HOT 3
- Clear Cookies Feature? HOT 1
- My cookies automatically expire after 30 minutes HOT 1
- Get Metadata from cookie HOT 1
- [ FEATURE ] Support for ES6 imports HOT 1
- Provide types for the cookies in typescript HOT 5
- cookie 0.5.0 HOT 2
- Cookies not setting in production HOT 5
- Node.js v20.9.0 fetch API can't get set-cookie header set by cookie-parser HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cookie-parser.