Why is my header not being set on redirect?

Question

I have an express route. I set a header and a cookie and then I redirect.

router.get(\"/callback\", async (req, res         


        

Answer 1

Your header is likely being sent with the response, but you won't see that header when the browser actually follows the redirect and then requests the new URL. Browsers don't do that. Remember, when you do res.redirect(), it sends a response with a 302 status and a location header. The browser sees that 302 and reads the location header and then makes a new browser request to your server for the redirected location. Headers from the previous response are NOT added to the new request for the redirected location.

The usual ways to pass data like this to a redirected requests are:

1. Put it in the query string for the redirected URL as a parameter. Your server will then see that query string when the redirected requests comes in.
2. Set a cookie. Your server can then look at the cookie when the redirected request comes in.
3. Set data in a server-side session object that can be accessed on the next request. Your server can then look at the session when the redirected request comes in.

Only the first option above (query parameter) is entirely safe because the others can get confused about which request the data belongs to if there are other requests coming in from that same user.