Forewarning: I am extremely new to Node.js and NPM.
From reading the documentation of cookieParser, it appears that cookies that are signed but fail validation are assigned false in the req.signedCookies object.
Signed cookies that fail signature validation will have the value false instead of the tampered value.
Also, cookies prefixed with j: are automatically parsed with JSON.parse.
In addition, this module supports special "JSON cookies". These are cookie where the value is prefixed with j:. When these values are encountered, the value will be exposed as the result of JSON.parse.
However, the string 'false' is valid JSON, so it should get parsed to false. I also found no option to disable the built-in JSON parser. How can I differentiate a valid signed j:'false' cookie from an invalid signed cookie?
If this is not possible, I request that this be relabeled to a bug report or feature request.
Forewarning: I am extremely new to Node.js and NPM.
From reading the documentation of
cookieParser, it appears that cookies that are signed but fail validation are assignedfalsein thereq.signedCookiesobject.Also, cookies prefixed with
j:are automatically parsed withJSON.parse.However, the string
'false'is valid JSON, so it should get parsed tofalse. I also found no option to disable the built-in JSON parser. How can I differentiate a valid signedj:'false'cookie from an invalid signed cookie?If this is not possible, I request that this be relabeled to a bug report or feature request.