What is the difference between set cookie, res cookie and Cooki.set() (js-cookie)?

Issue

I am trying to implement an authentication system and I’ve run into some problems and after a lot of troubleshooting I’ve come to realise that I don’t fully understand the difference between theese three:

res.cookie(name, value, [options])

and

res.setHeader('Set-Cookie')

and

Cookies.set(name, value, [options]) //js-cookie npm package

Solution

I’m assuming that res.cookie (and res.setHeader) are coming from express.

Documentation for res.cookie states (just underneath the property table) that

All res.cookie() does is set the HTTP Set-Cookie header with the options provided. Any option not specified defaults to the value stated in RFC 6265.

So, res.cookie is just a wrapper around res.setHeader to make the code clearer: you can pass options as an object, instead of manually constructing a header value.

Both of those are called on a res (a.k.a response) object, so it’s a serverside tool to tell the client "please put that into cookies".

As for the last one, Cookies.set, that is intended to be run on the client instead. Internally, it just sets the document.cookie propery.

So, if we build a tl;dr table of all mentioned cookie setting options, here they are:

function side needs manual formatting
res.cookie server no
res.setHeader server yes
Cookies.set client no
document.cookie = client yes

Answered By – MonstraG

Answer Checked By – Robin (AngularFixing Admin)

Leave a Reply

Your email address will not be published.