Express req.cookies Property

Beginner
⏱️ 8 min read
📚 Updated: May 2026
🎯 4 Code Examples

What you’ll learn

  • How req.cookies gets populated in Express.
  • How to read cookie values in route handlers.
  • How regular and signed cookies differ.
  • How to handle missing or invalid cookie values safely.

Usage syntax

javascript
req.cookies
req.signedCookies
1

Read cookies with cookie-parser

javascript
var cookieParser = require('cookie-parser');
app.use(cookieParser());

app.get('/profile', function (req, res) {
  var theme = req.cookies.theme || 'light';
  res.send('Theme: ' + theme);
});
2

Use signed cookies securely

javascript
var cookieParser = require('cookie-parser');
app.use(cookieParser('my-secret-key'));

app.get('/dashboard', function (req, res) {
  var userId = req.signedCookies.userId;
  if (!userId) return res.status(401).send('Unauthorized');
  res.send('Welcome user ' + userId);
});

❓ FAQ

It is an object containing cookies sent by the client, parsed into key-value pairs.
Yes. In most setups you use cookie-parser middleware before routes to populate req.cookies.
req.cookies has regular cookies, while req.signedCookies contains cookies signed with your secret.
Yes, if no cookies are sent by the client or parsing middleware is not configured.
No. Treat cookie data as client input and validate it before sensitive use.
Did you know?

req.cookies is populated by cookie-parser, and contains key-value pairs of plain (unsigned) cookies.

About the author

Mari Selvan M P
Mari Selvan M P 🔗

Developer, cloud engineer, and technical writer

  • Experience 12 years building web and cloud systems
  • Focus Full Stack Development, AWS, and Developer Education

I write practical tutorials so students and working developers can learn by doing—from databases and APIs to deployment on AWS.

4 people found this page helpful