Open
Description
Because we don't ever set the max-age on the cookies they are considered session cookies. That means when the browser closes and reopens the cookies are deleted. To fix this we need to do something like the following:
```javascript
const express = require('express');
const cookieParser = require('cookie-parser');

const app = express();
app.use(cookieParser());

// Route to set a cookie that lasts ~100 years
app.get('/set-cookie', (req, res) => {
  const hundredYears = 100 * 365 * 24 * 60 * 60 * 1000; // in milliseconds
  res.cookie('userId', '12345', {
    maxAge: hundredYears, // cookie lifespan
    httpOnly: true, // optional, for security
    secure: false, // set true if using HTTPS
    sameSite: 'lax' // good default for CSRF protection
  });
  res.send('Cookie set to never expire (practically)');
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
```

Note that simon is not very good at handling the case where the cookie is gone, but it still thinks it has a user in localStorage.
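The session-versus-persistent difference described above, as an added example that is not part of the original issue or the project's code: it builds the `Set-Cookie` value with and without `Max-Age` and classifies the result. The function names are hypothetical, and the 400-day figure assumes the lifetime cap that browsers such as Chrome apply, so a 100-year `maxAge` does not survive as written.

```javascript
// Added example; buildSetCookie and classify are hypothetical helper names.
// Assumption: the browser clamps cookie lifetimes to 400 days (as Chrome does).
const CAP_SECONDS = 400 * 24 * 60 * 60;

// Build a Set-Cookie value. Express takes maxAge in milliseconds; the wire
// attribute Max-Age is in seconds. Omitting maxAgeMs yields a session cookie.
function buildSetCookie(name, value, { maxAgeMs, secure = true } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly', 'SameSite=Lax'];
  if (secure) parts.push('Secure');
  if (maxAgeMs !== undefined) parts.push(`Max-Age=${Math.floor(maxAgeMs / 1000)}`);
  return parts.join('; ');
}

// Classify a Set-Cookie value by its lifetime attributes.
// Max-Age takes precedence over Expires; a malformed Max-Age is ignored.
function classify(header) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const maxAge = attrs.find((a) => a.startsWith('max-age='));
  const raw = maxAge === undefined ? '' : maxAge.slice('max-age='.length);
  if (/^-?\d+$/.test(raw)) {
    const seconds = Number(raw);
    if (seconds <= 0) return { kind: 'expired', effectiveSeconds: 0, capped: false };
    return {
      kind: 'persistent',
      effectiveSeconds: Math.min(seconds, CAP_SECONDS),
      capped: seconds > CAP_SECONDS,
    };
  }
  if (attrs.some((a) => a.startsWith('expires='))) {
    return { kind: 'persistent', effectiveSeconds: null, capped: false };
  }
  // No lifetime attribute: the cookie is dropped when the browser session ends.
  return { kind: 'session', effectiveSeconds: null, capped: false };
}

// Constructed sample values, reusing the cookie name and value from the issue.
const hundredYearsMs = 100 * 365 * 24 * 60 * 60 * 1000;
const thirtyDaysMs = 30 * 24 * 60 * 60 * 1000;
const samples = [
  buildSetCookie('userId', '12345'),
  buildSetCookie('userId', '12345', { maxAgeMs: hundredYearsMs }),
  buildSetCookie('userId', '12345', { maxAgeMs: thirtyDaysMs }),
];
for (const header of samples) {
  console.log(JSON.stringify(classify(header)), '<-', header);
}
```
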