Exercise 15 - Using Cookies

This document discusses using cookies for authentication in an Express application. It explains how to set up the application to send signed cookies upon successful authentication and parse cookies from incoming requests. The cookie-parser middleware is used to parse cookies stored in the request header. The middleware signs cookies containing the username which are checked with each request to confirm authentication without requiring further login.

Exercise – Using Cookies

Objectives and Outcomes


In this exercise you will examine the use of cookies for authentication. The server will send a
signed cookie to the client upon successful authentication, and expects the client to include the
cookie with every subsequent request. At the end of this exercise, you will be able to:

• Set up your Express application to send signed cookies.
• Set up your Express application to parse the cookies in the header of the incoming request messages.

Using cookie-parser

• The cookie-parser Express middleware is already included in the Express REST API application. If you need to add the cookie-parser middleware, you can install the NPM module as follows:

    npm install cookie-parser

• Update app.js as follows:


    ...

    // The secret string is the key cookie-parser uses to sign and verify cookies
    app.use(cookieParser('12345-67890'));

    function auth (req, res, next) {
      if (!req.signedCookies.user) {
        // No verified signed cookie yet: fall back to HTTP Basic authentication
        var authHeader = req.headers.authorization;
        if (!authHeader) {
          var err = new Error('You are not authenticated!');
          res.setHeader('WWW-Authenticate', 'Basic');
          err.status = 401;
          next(err);
          return;
        }
        // Decode "Basic <base64(user:pass)>" into [user, pass]
        var auth = Buffer.from(authHeader.split(' ')[1], 'base64').toString().split(':');
        var user = auth[0];
        var pass = auth[1];
        if (user == 'admin' && pass == 'password') {
          // Credentials accepted: send the signed cookie with the response
          res.cookie('user','admin',{signed: true});
          next(); // authorized
        } else {
          var err = new Error('You are not authenticated!');
          res.setHeader('WWW-Authenticate', 'Basic');
          err.status = 401;
          next(err);
        }
      }
      else {
        // A signed cookie was presented and its signature verified
        if (req.signedCookies.user === 'admin') {
          next();
        }
        else {
          var err = new Error('You are not authenticated!');
          err.status = 401;
          next(err);
        }
      }
    }

    ...

• Save the changes, run the server and test the behavior.
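
Why the auth function can trust req.signedCookies.user, shown as an added example that is not part of the original exercise and is not cookie-parser's own code: it rebuilds the signed value format (s:<value>.<HMAC-SHA256 in base64, padding removed>) with Node's crypto module and checks four constructed cookies. The function names and the 'guest' username are assumptions made for illustration.

```javascript
// Added illustration, not cookie-parser's source: the signed-cookie format
// rebuilt with Node's built-in crypto module.
const crypto = require('crypto');

const SECRET = '12345-67890'; // the secret passed to cookieParser() in app.js

// "s:" + value + "." + base64(HMAC-SHA256(value, secret)) with "=" padding removed
function signCookieValue(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
  return 's:' + value + '.' + mac;
}

// Returns the value if the signature verifies, otherwise false.
function unsignCookieValue(raw, secret) {
  if (typeof raw !== 'string' || !raw.startsWith('s:')) return false;
  const body = raw.slice(2);
  const dot = body.lastIndexOf('.');
  if (dot === -1) return false;
  const value = body.slice(0, dot);
  // Recompute the signature over the claimed value and compare in constant time.
  const expected = Buffer.from(signCookieValue(value, secret).slice(2));
  const received = Buffer.from(body);
  if (expected.length !== received.length) return false;
  return crypto.timingSafeEqual(expected, received) ? value : false;
}

// Constructed sample cookies (values shown before URL-encoding in the header)
const issued = signCookieValue('admin', SECRET); // value set by res.cookie('user','admin',{signed: true})
const guestMac = signCookieValue('guest', SECRET).split('.').pop(); // hypothetical second user
const edited = 's:admin.' + guestMac; // value changed, signature left as it was

function checkSamples() {
  return {
    issued: unsignCookieValue(issued, SECRET),                // accepted
    edited: unsignCookieValue(edited, SECRET),                // rejected: MAC does not match value
    otherKey: unsignCookieValue(issued, 'some-other-secret'), // rejected: verified with a different key
    unsigned: unsignCookieValue('admin', SECRET),             // rejected: no "s:" prefix or signature
  };
}

console.log(checkSamples());
```

The check only holds while the secret stays private, so outside an exercise the string passed to cookieParser() should be loaded from configuration rather than written into app.js.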

Conclusions

In this exercise you examined the use of cookies for tracking authenticated users so that
subsequent access to the server can be enabled without the need to authenticate again.
