Express req.signedCookies Property

Beginner
⏱️ 8 min read
📚 Updated: May 2026
🎯 3 Code Examples

What you’ll learn

  • How req.signedCookies is populated by middleware.
  • How signed cookies differ from regular cookies.
  • How to read verified cookie values safely.
  • How to handle missing or invalid signatures.

Usage syntax

javascript
req.signedCookies
req.signedCookies.sessionId
1

Read signed cookie value

javascript
var cookieParser = require('cookie-parser');
app.use(cookieParser('my-secret'));

app.get('/profile', function (req, res) {
  var userId = req.signedCookies.userId;
  if (!userId) return res.status(401).send('No valid signed cookie');
  res.send('User ID: ' + userId);
});
2

Compare plain and signed cookie sources

javascript
app.get('/cookies-debug', function (req, res) {
  res.json({
    plain: req.cookies.theme,
    signed: req.signedCookies.theme
  });
});

❓ FAQ

It is an object of cookies that have been signed and verified with cookie-parser.
Yes. Configure cookie-parser with a secret, e.g., app.use(cookieParser('secret')).
req.cookies has plain cookies; req.signedCookies has verified signed cookie values.
Signature verification fails, so the signed value is not trusted and may be omitted/invalidated.
Avoid storing highly sensitive raw data; signed cookies protect integrity, not confidentiality.
Did you know?

req.signedCookies contains cookies that were signed and successfully verified using your cookie-parser secret.

About the author

Mari Selvan M P
Mari Selvan M P 🔗

Developer, cloud engineer, and technical writer

  • Experience 12 years building web and cloud systems
  • Focus Full Stack Development, AWS, and Developer Education

I write practical tutorials so students and working developers can learn by doing—from databases and APIs to deployment on AWS.

4 people found this page helpful