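/*
 * NODEJS / EXPRESSJS: COOKIES
 *
 * Temporary information saved on the user's computer is called a COOKIE.
 * NB: likewise, temporary information saved on the server is called a SESSION.
 *
 * Uses: authentication normally uses a session, but a cookie can be used
 * there too; shopping cart, flash messages, remember me / auto login,
 * theme preferences, language selection, form data preservation.
 *
 * Working steps
 *   step 1  npm install cookie-parser
 *   step 2  const cookieParser = require('cookie-parser')
 *   step 3  app.use(cookieParser())               // plain cookies
 *           app.use(cookieParser('secretkey'))    // signed cookies
 *
 * 1. Store a cookie
 *      res.cookie('key', 'value', {
 *        maxAge:   86400000,   // 1000*60*60*24 ms = one day
 *        httpOnly: true,       // security: page JavaScript (document.cookie)
 *                              // cannot read the cookie
 *        secure:   true,       // cookie is only sent over HTTPS
 *        sameSite: 'strict',   // 'strict': not sent on cross-site requests;
 *                              // 'lax': sent on top-level cross-site
 *                              // navigation only (what modern browsers
 *                              // generally assume when the attribute is
 *                              // missing); 'none': sent on every cross-site
 *                              // request and needs secure: true
 *        signed:   true,       // default false; needs cookieParser(secret)
 *      })
 *    A signed cookie is tamper-evident, not encrypted: the visitor can still
 *    read the value, so never store secrets in it.
 *
 * 2. Read a cookie
 *      res.send(req.cookies.key)          // unsigned cookie
 *      res.send(req.signedCookies.key)    // signed cookie
 *
 * 3. Delete a cookie
 *      res.clearCookie('key')
 *
 * LAB: install first
 *      npm init -y, npm install express, npm i nodemon,
 *      npm install cookie-parser
 */

// app.js

// add package
const express = require('express');
const cookieParser = require('cookie-parser');

const app = express();

// Signing secret for cookie-parser. A secret committed with the source lets
// anyone who can read the repository forge valid signed cookies, so take it
// from the environment; the literal is only the lab's placeholder.
const COOKIE_SECRET = process.env.COOKIE_SECRET || 'Mysecure234';

// middleware
// app.use(cookieParser())  -> unsigned cookies only
/*
 * This is the secure and strong method:
 * 1. To use it, pass signed: true when setting the cookie.
 * 2. When reading the cookie, use req.signedCookies instead of req.cookies.
 */
app.use(cookieParser(COOKIE_SECRET));

// route: home page, shows the cookie when there is one
app.get('/', (req, res) => {
  const home = 'Home page';
  // The cookie is written with signed: true, so cookie-parser exposes it on
  // req.signedCookies (not req.cookies). A cookie whose signature does not
  // verify comes back as false and is handled like a missing one.
  const username = req.signedCookies.username;
  if (!username) {
    // return, otherwise the second res.send() below runs as well and throws
    // because the response has already been sent
    return res.send('No Cookie found');
  }
  // NOTE(review): the value is echoed into an HTML response. That is only
  // acceptable here because the server chose the value and its signature was
  // verified; HTML-escape it if it can ever come from user input.
  res.send(`${home}:Cookie Found: ${username}`);
});

// route: set cookie
app.get('/set-cookie', (req, res) => {
  // Unsigned variant: res.cookie('username', 'rupeshtechnologies.com')
  res.cookie('username', 'rupeshtechnologies', {
    maxAge: 900000, // 1000*60*15 = 15 minutes
    httpOnly: true, // not readable from page JavaScript
    sameSite: 'lax', // not attached to cross-site sub-requests
    signed: true, // tamper-evident, read back through req.signedCookies
    // secure: true, // enable once the site is served over HTTPS
  });
  res.send('Cookie has been set');
});

// route: get cookie
app.get('/get-cookie', (req, res) => {
  // Unsigned variant: const username = req.cookies.username;
  const username = req.signedCookies.username;
  if (!username) {
    return res.send('No Cookie found');
  }
  res.send(`Cookie Found: ${username}`);
});

// route: delete cookie
app.get('/delete-cookie', (req, res) => {
  res.clearCookie('username');
  res.send('Cookie Has been deleted');
});

// server
app.listen(3000, () => {
  console.log('Server running on port 3000');
});

/*
 * Try it:
 *   http://localhost:3000/
 *   http://localhost:3000/set-cookie
 *   http://localhost:3000/get-cookie
 *   http://localhost:3000/delete-cookie
 *
 *
 * NODEJS / EXPRESSJS: CSRF TOKEN
 *
 * CSRF = Cross-Site Request Forgery. The CSRF token is used to protect the
 * site against forged requests and fake data.
 *
 * Diagram from the notes: the SERVER and the CLIENT (computer) both hold
 * the TOKEN.
 *
 * Note: so a token is needed to guard against forged requests and the
 * submission of fake data.
 *
 *   username ..................
 *   Email    ..................
 */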
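/*
 *   [ SUBMIT ]
 *
 *   <form action="/userform" method="POST">
 *     <input type="hidden" name="_csrf" value="<%= csrfToken %>">
 *     <input type="text" name="username">
 *     <input type="password" name="usermail">
 *   </form>
 *
 * Process: CSRF TOKEN
 *   step 1  npm install cookie-parser csurf
 *   step 2  const cookieParser = require('cookie-parser')
 *           const csrf = require('csurf')
 *   step 3  app.use(cookieParser())
 *           const csrfProtection = csrf({ cookie: true })
 *   step 4  app.get('/form', csrfProtection, (req, res) => {
 *             res.render('form', { csrfToken: req.csrfToken() });
 *           })
 *   step 5  app.post('/submit', csrfProtection, (req, res) => { })
 *
 * Lab:
 *   https://www.npmjs.com/package/csurf            // not updated
 *     npm i csurf
 *   https://www.npmjs.com/package/@sailshq/csurf   // updated
 *     npm i @sailshq/csurf
 *
 *   npm init -y, npm i express, npm i ejs, npm i nodemon
 *   npm install cookie-parser
 *   npm i csurf
 *   npm install cookie-parser csurf   (both)
 *
 * package.json
 *   "cookie-parser": "^1.4.7",
 *   "csurf": "^1.11.0",
 *   "ejs": "^3.1.10",
 *   "express": "^5.1.0",
 *   "nodemon": "^3.1.10"
 */

// index.js
const express = require('express');
const cookieParser = require('cookie-parser');
// NOTE(review): csurf is marked deprecated on npm (the notes above call it
// "not updated" and list @sailshq/csurf as the updated package). Use it for
// the lab only and pick a maintained CSRF middleware for anything real.
const csrf = require('csurf');

const app = express();

// data package
// The body parsers are registered before any CSRF-protected route so that
// the posted _csrf field is available on req.body when the token is checked.
app.use(express.urlencoded({ extended: false })); // form data
app.use(express.json()); // api data

// To use CSS, create a public folder for the attached CSS files.
app.set('view engine', 'ejs');

// middleware
app.use(cookieParser()); // parses the cookie that holds the CSRF secret

// This middleware generates and verifies the token. With the cookie option
// the per-client secret lives in a "_csrf" cookie instead of a session;
// httpOnly keeps it away from page JavaScript and sameSite keeps it off
// cross-site sub-requests. Add secure: true once the site runs over HTTPS.
const csrfProtection = csrf({
  cookie: { httpOnly: true, sameSite: 'lax' },
});

// route
app.get('/', (req, res) => {
  res.send('<h1>Home Page</h1>');
});

// read: render the form with a fresh token in the hidden _csrf field
app.get('/myform', csrfProtection, (req, res) => {
  res.render('myform', { csrfToken: req.csrfToken() });
});

// save: csrfProtection rejects the request before this handler runs when
// the token is missing or wrong. csurf does not check GET, HEAD or OPTIONS
// requests by default, so state-changing actions belong on POST routes
// like this one.
app.post('/submit', csrfProtection, (req, res) => {
  // res.render('myform', { csrfToken: req.csrfToken() })
  res.send(req.body); // show the submitted data in the browser (sent as JSON)
});

// A failed token check reaches the error chain with code EBADCSRFTOKEN.
// Answer it with a plain 403 so the default error page (which prints a stack
// trace outside production) is not shown for it; everything else is passed on.
app.use((err, req, res, next) => {
  if (err.code !== 'EBADCSRFTOKEN') {
    return next(err);
  }
  res.status(403).send('Invalid or missing CSRF token');
});

app.listen(3000, () => {
  console.log('Server running on port 3000');
});

/*
 * myform.ejs
 * (the EJS output tag used for the token HTML-escapes the value it prints)
 *
 *   <form action="/submit" method="post">
 *     <input type="hidden" name="_csrf" value="<%= csrfToken %>">
 *     <div class="mb-3">
 *       <label for="name" class="form-label">Name</label>
 *       <input type="text" class="form-control" id="name" name="name">
 *     </div>
 *     <button type="submit" class="btn btn-primary">Submit</button>
 *   </form>
 */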