Signed Cookies

COOKIES ARE SIGNED IN ORDER TO PROTECT THEM FROM TAMPERING.
IT IS A 2-STEP PROCESS:

=> SEND SIGNED COOKIE
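const express = require("express");
const cookieParser = require("cookie-parser");
const app = express();
// cookieParser takes the secret string used for signed cookies
app.use(cookieParser("secretcode"));
app.get("/getsignedcookies", (req, res) => {
  res.cookie("color", "blue", { signed: true }); // mark this cookie as signed
  res.send("done!");
});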
A PARAMETER { signed: true } IS PASSED TO res.cookie().
HERE "secretcode" IS AN ADDITIONAL STRING THAT IS SENT ALONG WITH THE SIGNED COOKIE.
THE COOKIE'S VALUE IS SENT IN THE FORM OF AN UNREADABLE STRING.

=> VERIFY SIGNED COOKIE
WHENEVER SOMEONE TRIES TO MODIFY THE COOKIE, THE OUTPUT IN THE CONSOLE WOULD PRINT false.
app.get("/verify", (req, res) => {
  // signed cookies are parsed into req.signedCookies, not req.cookies
  console.log(req.signedCookies);
  res.send("verified");
});
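
The two steps above, modelled without Express as an added example (not code from the original page): it assumes the scheme used by cookie-parser's signing helper, where the cookie before URL encoding is "s:" + value + "." + an HMAC-SHA256 of the value keyed with the secret. signValue and unsignValue are hypothetical helper names, and the tampered inputs are constructed.

```javascript
// Added example: models the signed-cookie format with Node's built-in crypto.
// signValue/unsignValue are hypothetical helpers, not Express APIs.
const crypto = require("node:crypto");

const SECRET = "secretcode"; // same secret the page passes to cookieParser

// "s:" + value + "." + base64(HMAC-SHA256(value, secret)) without "=" padding
function signValue(value, secret) {
  const mac = crypto.createHmac("sha256", secret).update(value)
    .digest("base64").replace(/=+$/, "");
  return "s:" + value + "." + mac;
}

// Returns the original value, false when the signature does not match,
// or undefined when the cookie is not in signed form at all.
function unsignValue(cookie, secret) {
  if (!cookie.startsWith("s:")) return undefined;
  const body = cookie.slice(2);
  const dot = body.lastIndexOf(".");
  if (dot === -1) return false;
  const value = body.slice(0, dot);
  const expected = Buffer.from(signValue(value, secret));
  const actual = Buffer.from(cookie);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  const ok = expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
  return ok ? value : false;
}

const signed = signValue("blue", SECRET);
// Constructed tampering cases: edited value, and re-signing with a guessed key.
const tampered = signed.replace("blue", "red");
const forged = signValue("red", "guess");

console.log(signed);                         // what the server sets
console.log(unsignValue(signed, SECRET));    // untouched cookie
console.log(unsignValue(tampered, SECRET));  // value edited by the client
console.log(unsignValue(forged, SECRET));    // signed with the wrong secret
```
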


