`req.signedCookies`

An object of cookies that were signed and successfully verified.

Since Express 4 (via cookie-parser) Spec ↗

Syntax

req.signedCookies

Returns

object — Verified signed cookie names mapped to values.

Examples

import cookieParser from 'cookie-parser';

app.use(cookieParser('a-long-random-secret'));

app.get('/', (req, res) => {
  res.cookie('uid', '42', { signed: true });
  res.send('cookie set');
});

app.get('/check', (req, res) => {
  res.send(`uid = ${req.signedCookies.uid}`);
});

Output

uid = 42

app.get('/x', (req, res) => {
  // tampered cookie -> value is false, not present here
  res.json(req.signedCookies);
});

Output

{}

Notes

Requires `cookie-parser` initialized with a secret. A tampered signed cookie is rejected (it will not appear here, and its raw form becomes `false`). Signing proves integrity, not confidentiality - the value is still readable by the client.

Syntax

Returns

Examples

Notes

See also