Express.JS: Attach cookie to statically served content

Question

I use Express.JS to serve static content:

express.use(express.static('./../'));

When index.html is served, I would like to send a cookie alongside the response indicating if the user is signed in or not. Normally one should use res.cookie() but I cannot see how to use it for statically served content.

Answer 1

Not sure why you need to do this, but you can place your own middleware before the static module.

The following quick hack should work:

function attach_cookie(url, cookie, value) {
  return function(req, res, next) {
    if (req.url == url) {
      res.cookie(cookie, value);
    }
    next();
  }
}

app.configure(function(){
  app.use(attach_cookie('/index.html', 'mycookie', 'value'));
  app.use(express.static(path.join(__dirname, 'public')));
});

The above inserts another function in the chain of middleware express uses before the static middleware. The new layer attaches the cookie to the response if the URL matches the specific one you are looking for -- and passes the response further down the chain.

Answer 2

Consider also the following approach:

1. If your express is behind web-server you can serve static files without bothering express - it should be faster than via middle-ware. If you use nginx, this can help: Nginx Reverse Proxying to Node.js with Rewrite .

2. Assuming that your static file has javascript in it, you can also set cookies directly on the client side only requesting from express the data you need for this cookie:

    document.cookie = "user_id=" + user_id; 

   Flanagan's JS definitive guide (edition 6!) has an excellent coverage on how to use cookies in client-side javascript (in addition to being the best among JavaScript books :).

It can be a trivial advice, but I have seen the following flow (more than once): client sends API request (which has a cookie attached to it, obviously), server gets data from the cookie and serves the response completely built on the data contained in this cookie. All this instead of just quietly reading this cookie in the client. Basically client asks the server what it has in its own cookie.

In your scenario you need to request user_id/access_key only once and then always check the cookie in the client, going to the server only for the data that client doesn't already have, but storing and checking session state and, maybe, some compact data used in most pages (such as username, eg) in cookies locally (you can also cache data in local storage, to reduce the server load even further). In this case, express won't even know if a user accidentally refreshes the page (if you don't change URLs to reflect application state as well, of course, or only change #-part).

Answer 3

As app.configure was removed since Express.js v4, I would like to do an update.

For Express.js versions > 4, to initialise my app by passing options inside the express.static(root, [options]) method, in which you can pass a Set-Cookie header in the property called setHeaders :

app.use(express.static(publicPath, {
  setHeaders: function (res, path, stat) {
    res.set('Set-Cookie', "myCookie=cookieValue;Path=/")
  }
}));

---

It is important to set Path=/ because otherwise express will create numerous duplicates of the cookie on the client side.