res.cookie is undefined with connect 3

Question

res.cookie is undefined with connect 3

imrefazekas opened this issue 10 years ago · comments

Dear All,

I just switched to connect 3 and i have an issue, hoped you can help me out.

var connect = require('connect'),
cookieParser = require('cookie-parser'),
cookieSession = require('cookie-session'),
csrf = require('csurf')
...
var app = connect()
    .use( cookieParser( process.env.SEC_SESSION_PASS || global.config.server.session.hashSecret ) )
    .use( cookieSession( {
        name:  text'.sid',
        secret: 'secret',
        cookie: { httpOnly: true }
    } ) )
    .use( csrf( { cookie: { key: 'XSRF-TOKEN', httpOnly: true } } ) )
...

And to all request I send I received this:

/.../node_modules/csurf/index.js:65
    res.cookie(cookieKey, secret, cookie);
        ^
TypeError: undefined is not a function
    at /.../node_modules/csurf/index.js:65:13
    at Object.ondone (/.../node_modules/csurf/node_modules/csrf-tokens/node_modules/uid-safe/index.js:13:7)

All packages are the latest ones available in NPMJS.

Tanks in advance!

Douglas Wilson · Answer 1 · Mon Jun 23 2014 23:27:25 GMT+0800 (China Standard Time)

Thanks. connect 3 no longer adds any patches to res, which is why there is no res.cookie any longer. I'll fix this module to not rely on that patch existing is all.

Imre Fazekas · Answer 2 · Mon Jun 23 2014 23:34:56 GMT+0800 (China Standard Time)

Thanks, that would be great!

Douglas Wilson · Answer 3 · Mon Jun 30 2014 22:24:06 GMT+0800 (China Standard Time)

Just as an update here, the integration with res.cookies in express is not easy to get rid of, especially with the implicit cookie signing. For now, session-based tokens should work fine, but untangling the res.cookie dependence is still to be done.