Nodejs, Express and Cookies

As you are developing app on NodeJS and Express, you may have come across many source codes, which provides you with different options to set your cookie, read the cookie and destroy the cookie. Do you just copy them blindly?

I myself met with situations that got me stuck for days, because of a cookie!

Why req.cookie is empty?

You may have done everything you can find online, setting the different options on your res.cookie and you realise, hey! req.cookie is always returning empty or undefined!

I was taught to set a cookie this way, in order to ensure my cookie is secure.

cookie: {
httpOnly: true,
sameSite: true,
signed: true,
secure: true,
res.send('key','string',cookie)//on another route
console.log(req.cookie) //returns {}

Notice what’s wrong with the code above?

Yes, signed is set as true. I have no idea what a signed cookie was before this. However if you encounter the same situation as me, first check if your signed option is set to true. If it is, then you won’t be able to retrieve your cookie via req.cookie. You need to use this.


How do I delete / destroy cookie? Sending res.cookie(‘cookiename’, ‘’,{maxAge: 0}) doesn’t work!

If you have copied code snippets on forums and other online resources, you would notice that those codes work, but it may not work for everyone.

In my application, I wanted a simple log out function by using fetch to call /logout route.

const logout = () => {
fetch('/logout', { method: 'POST' })

On my server, I followed the codes online and these are some of the solutions provided, all very similar to one another

res.cookie('cookieName', '', {
domain: '',
maxAge: 0,
overwrite: true,

or this…

res.cookie("key","empty the key content", {expires:old date, domain:'', path:'/'});

or this….

res.cookie("token", "", { expires: new Date(0),domain:'', path: '/' });

And they all work. Some believe setting the domain and path are important while expiring the cookie and I tried most of them, but nothing works in all my attempts.

If you have tried above and it still doesn’t work.'/logout', (req, res, next) => {return res.cookie('jwt', 'deleted', { maxAge: 0, expires: 'Thu, 01 Jan 1970 00:00:00 GMT'}).end();})

.end() is the most important to ensure the res.cookie gets send to the client, and this is one big mistake that I made.

Now I can successfully expire the cookie, send to the client, and I can finally see the cookie disappear from the browser.

Know a trick or 2 about cookies? Share with me!




entrepreneur, developer, dream chaser

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A Fruit Flavoured Guide to Creating a REST API powered by Node and MongoDB.

AngularJS Best Practices, by Joe Eames

How I rewrote our codebase to TypeScript in a week.

Why React Native: To Build Top-Notch Mobile Apps?

How to convert VIFF to PNG in Javascript

check palindrome string is valid or not

LeetCode problem #454 — 4Sum II (JavaScript)

The C in C.R.U.D using React-Redux

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dave Teu

Dave Teu

entrepreneur, developer, dream chaser

More from Medium

Introduction Node.js

Adding correlation-id to Node.js express-based application with log4js