Home > Software design >  How to use CookieSession secure option?
How to use CookieSession secure option?

Time:04-18

I have installed a NPM by the name of cookie-session v2.0 which I want to use to transport a JWT to a client browser with HTTPS protocol. However when I want to set the secure option to true according to the documentation of https://www.npmjs.com/package/cookie-session, I receive an error which indicates the following:

Argument of type '{ signed: false; secure: any; }' is not assignable to parameter of type '{ httpOnly?: boolean; keys?: any[]; name?: string; overwrite?: boolean; secret?: string; signed?: boolean; }'.
  Object literal may only specify known properties, but 'secure' does not exist in type '{ httpOnly?: boolean; keys?: any[]; name?: string; overwrite?: boolean; secret?: string; signed?: boolean; }'. Did you mean to write 'secret'?

and if I hover over cookieSession, I can see clearly that there is no such property assigned according the documentation.

(alias) cookieSession(options?: {
    httpOnly?: boolean;
    keys?: any[];
    name?: string;
    overwrite?: boolean;
    secret?: string;
    signed?: boolean;
}): Function
import cookieSession

This is my code so far in my expressApp file:

const express = require("express");
const cookieSession = require("cookie-session");
const cors = require("cors");
const { errorHandler } = require("./middleware");
const { NotFoundError } = require("./errors");

const routers = require("./routes");

const expressApp = function async(app) {
  app.set("trust proxy", true);
  app.use(express.json());
  app.use(
    cookieSession({
      signed: false,
    })
  );
  app.use(express.urlencoded({ extended: true, limit: "1mb" }));
  app.use(cors());

  app.use("/api/v1", routers);

  app.all("*", async (req, res) => {
    throw new NotFoundError();
  });

  app.use(errorHandler);
};

module.exports = expressApp;

How can I fix this issue so I can set the secure option to true?

Thank you very much in advanced!

CodePudding user response:

As per documentation you linked

Cookie Options - Other options are passed to cookies.get() and cookies.set() allowing you to control security, domain, path, and signing among other settings.

You cannot set cookies to be secure while you are creating the cookieSession in app.use but you can set it when you setting or getting the cookie in your route.

cookies.set({ secure: true });

Check this answer out on how to send secure cookie in expressjs

  • Related