1

Using a combination of Express-session, Connect-mongo and PassportJS on a Node server I have the following validation function:

expressApp.post('/login', function(req, res, next) {
    passport.authenticate('login', function(err, user, info) {
                if(err) {
                    return console.log(err);
                }
                if(!user){
                    res.set('WWW-Authenticate', 'x' + info);
                    return res.send(401);
                }
                req.login(user, function(err){
                    if(err) {
                        return console.log(err);
                    }
                    //I WANT TO ACCESS OUTGOING COOKIE HERE
                    //var cookie = res.get('SET-COOKIE');

                    res.redirect('/homepage');
                });
            }
        )(req, res, next)
    }
);

As you can see in the commented part, I want to access the cookie information before response is sent to the client. I haven't been able to find any such data within the 'res' and 'user' object.

Specifically I'm looking for the same string you can locate within the 'SET-COOKIE' header in a HTTP response.

Wollan
  • 929
  • 1
  • 13
  • 23

1 Answers1

1

The SET-COOKIE header string is created within Express-session\index.js after calling i.e res.redirect(..) from your personal code.

Find the function 'setcookie' and you will be able to access the raw string (and tamper with its creation if you so wish). Currently this means customizing the internal express-session code which is not ideal.

EDIT: I have received a secondary suggestion from Douglas Wilson, contributor/developer for Express-session:

The express-session module does not provide any real interface to examine it before it sets it on the Node.js HTTP response object, but you can get to it before the response is sent, which may or may not work depending on your use-case, using the on-headers module to see headers getting sent to the client:

var onHeaders = require('on-headers');

// ... later when you need to get to it

onHeaders(res, function () {
  // the final headers are visible here to read, remove, or alter
  console.dir(res.get('Set-Cookie'));
});

*Now, this may or may not be useful, depending on the reason you need that cookie.*
Wollan
  • 929
  • 1
  • 13
  • 23
  • Im adding this in my controller right before sending a response with res.json, but onHeaders returns undefined. – Simon May 29 '21 at 13:33