Express: Manage cookies

Join the AI Workshop to learn more about AI and how it can be applied to web development. Next cohort February 1st, 2026

The AI-first Web Development BOOTCAMP cohort starts February 24th, 2026. 10 weeks of intensive training and hands-on projects.

Use the Response.cookie() method to manipulate your cookies.

Examples:

res.cookie('username', 'Flavio')

This method accepts a third parameter, which contains various options:

res.cookie('username', 'Flavio', { domain: '.flaviocopes.com', path: '/administrator', secure: true })

res.cookie('username', 'Flavio', { expires: new Date(Date.now() + 900000), httpOnly: true })

The most useful parameters you can set are:

Value	Description
`domain`	The cookie domain name
`expires`	Set the cookie expiration date. If missing, or 0, the cookie is a session cookie
`httpOnly`	Set the cookie to be accessible only by the web server. See HttpOnly
`maxAge`	Set the expiry time relative to the current time, expressed in milliseconds
`path`	The cookie path. Set to ’/’ to apply to the whole site
`secure`	Marks the cookie HTTPS only
`signed`	Set the cookie to be signed
`sameSite`	Value of `SameSite`

A cookie can be cleared with:

res.clearCookie('username')

Lessons in this unit:

0:	Introduction
1:	Introduction to Express
2:	Request parameters
3:	Send a response to the client
4:	Send a JSON response
5:	▶︎ Manage cookies
6:	Work with HTTP headers
7:	Handling redirects
8:	Routing
9:	Template engines
10:	Middleware
11:	Serving Static Assets with Express
12:	Send files to the client
13:	Sessions
14:	Validating and sanitizing input
15:	Handling form data
16:	Handling CORS
17:	HTTPS with a self-signed certificate
18:	HTTPS with Let's Encrypt
19:	Handling file uploads
20:	Build a REST API with MongoDB