Express req.signedCookies Property
What you’ll learn
- How
req.signedCookiesis populated by middleware. - How signed cookies differ from regular cookies.
- How to read verified cookie values safely.
- How to handle missing or invalid signatures.
Usage syntax
javascript
req.signedCookies
req.signedCookies.sessionId1
Read signed cookie value
javascript
var cookieParser = require('cookie-parser');
app.use(cookieParser('my-secret'));
app.get('/profile', function (req, res) {
var userId = req.signedCookies.userId;
if (!userId) return res.status(401).send('No valid signed cookie');
res.send('User ID: ' + userId);
});❓ FAQ
It is an object of cookies that have been signed and verified with cookie-parser.
Yes. Configure cookie-parser with a secret, e.g., app.use(cookieParser('secret')).
req.cookies has plain cookies; req.signedCookies has verified signed cookie values.
Signature verification fails, so the signed value is not trusted and may be omitted/invalidated.
Avoid storing highly sensitive raw data; signed cookies protect integrity, not confidentiality.
Did you know?
req.signedCookies contains cookies that were signed and successfully verified using your cookie-parser secret.
4 people found this page helpful
