Created
April 16, 2014 15:58
//very very bad:
app.use(express.cookieParser())
app.use(express.session({ secret: 'keyboard cat', key: 'sid', cookie: { secure: true }, store: blabla}))
app.use(express.static(__dirname + '/public'));
//good:
app.use(express.static(__dirname + '/public'));
app.use(express.cookieParser())
app.use(express.session({ secret: 'keyboard cat', key: 'sid', cookie: { secure: true }, store: blabla}))
/**
This is better because, for requests that `static` serves, it doesn't:
- parse the cookie
- fetch the session (important if you use mongo/redis/etc)
**/
/** BONUS TIP:
This bit me a few times. Browsers make requests for "favicon.ico",
if you do not have that file `static` does "next()" and you end up with
a Set-Cookie header on a 404 to /favicon.ico
So it is better to return 404 before the cookie and session middlewares for broken static assets.
One way is to use the "onlyStatic" middleware https://gist.github.com/jfromaniello/10021643 as follows:
**/
app.use(express.static(__dirname + '/public'));
app.use(onlyStatic(function (req, res, next) {
  res.send(404);
}));
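The effect of the three orderings above, as an added example that is not part of the original gist: a dependency-free model of the middleware chain that reports, per request, the status, whether a Set-Cookie header was emitted and how many session-store reads happened. The `static`, `session` and `assets404` functions are constructed stand-ins (not Express or the real `onlyStatic` code), and the file list, URLs and extension pattern are assumptions.

```javascript
// Constructed stand-ins: each mimics only the behaviour the gist describes.
function makeApp(order) {
  const stats = { storeReads: 0 };
  const publicFiles = new Set(['/app.js', '/style.css']); // constructed sample assets
  const mw = {
    // like express.static: serve the file if it exists, otherwise call next()
    static(req, res, next) {
      if (publicFiles.has(req.url)) { res.status = 200; return; }
      next();
    },
    // like cookieParser + session: one store round-trip, then a Set-Cookie header
    session(req, res, next) {
      stats.storeReads += 1;
      res.headers['Set-Cookie'] = 'sid=CONSTRUCTED; Secure';
      next();
    },
    // hypothetical stand-in for onlyStatic: 404 for asset-looking URLs static missed
    assets404(req, res, next) {
      if (/\.(ico|js|css|png)$/.test(req.url)) { res.status = 404; return; }
      next();
    },
    // application routes: only /profile exists in this model
    route(req, res) { res.status = req.url === '/profile' ? 200 : 404; },
  };
  const stack = order.map((name) => mw[name]);
  return function handle(url) {
    const req = { url };
    const res = { status: null, headers: {} };
    let i = 0;
    const next = () => { const fn = stack[i++]; if (fn) fn(req, res, next); };
    next();
    return { status: res.status, setCookie: 'Set-Cookie' in res.headers,
             storeReads: stats.storeReads };
  };
}

const orders = {
  bad: ['session', 'static', 'route'],                // "very very bad" ordering
  good: ['static', 'session', 'route'],               // "good" ordering
  bonus: ['static', 'assets404', 'session', 'route'], // bonus tip ordering
};

function run(orderName, url) { return makeApp(orders[orderName])(url); }

for (const name of Object.keys(orders)) {
  for (const url of ['/app.js', '/favicon.ico', '/profile']) {
    console.log(name.padEnd(5), url.padEnd(12), JSON.stringify(run(name, url)));
  }
}
```

Only the `bonus` ordering answers the missing `/favicon.ico` without touching the session store or issuing a cookie, while `/profile` still gets its session in all three.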