when should I use cookie-parser with express-session?

问题

In most ExpressJs example, I found using cookie-parser with express-session.

If I could access session data with req.session.name without it, in what case ( or benefits ) should I be using cookie-parser?

回答1:

For future humble coders, that will stumble upon this - I'm posting an up-to-date answer:

As the official description of express-session middleware says here: express-session

Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.

Therefore, just use express-session middleware and have a nice day.

回答2:

In addition to providing simple cookie parsing functionality, the cookie-parser middleware enables signed cookies which can be referenced by other middleware components, using an optional secret attribute.

Why would you want signed cookies? This question addresses that well

来源：https://stackoverflow.com/questions/27961320/when-should-i-use-cookie-parser-with-express-session