1 00:00:01,130 --> 00:00:04,150 Let's install cookie-session into our auth service.
2 00:00:04,310 --> 00:00:09,450 So back in my terminal I'm going to make sure I'm inside my auth project directory.
3 00:00:09,460 --> 00:00:13,910 I'll then do an npm install cookie-session.
4 00:00:13,930 --> 00:00:19,120 We're not going to only install the cookie-session library. cookie-session by default does not have native
5 00:00:19,120 --> 00:00:20,280 TypeScript support.
6 00:00:20,650 --> 00:00:25,210 So we have to install a type definition file to help TypeScript understand what is going on inside
7 00:00:25,210 --> 00:00:26,140 of this library.
8 00:00:26,140 --> 00:00:34,390 But to do so we're going to also install @types/cookie-session. Now make sure you got two
9 00:00:34,420 --> 00:00:35,200 S's right there.
10 00:00:35,200 --> 00:00:37,200 I just made a typo right before this video.
11 00:00:37,210 --> 00:00:41,860 I only put in one S and I got an error during the npm install saying that that package does not does
12 00:00:41,860 --> 00:00:42,880 not exist.
13 00:00:42,880 --> 00:00:45,150 So just double check your spelling.
14 00:00:45,310 --> 00:00:45,580 All right.
15 00:00:45,610 --> 00:00:47,110 So all installed.
16 00:00:47,290 --> 00:00:52,500 Now let's go back over to our code editor. Inside my auth directory
17 00:00:52,500 --> 00:00:56,280 I'll find the src folder and then the index.ts file inside there.
18 00:00:57,580 --> 00:01:01,990 So we're going to import cookie-session at the top and then wire it up to our Express application as a
19 00:01:01,990 --> 00:01:03,320 middleware.
20 00:01:03,360 --> 00:01:12,520 So right after mongoose I'll do an import cookieSession from cookie-session and then right after
21 00:01:12,520 --> 00:01:21,420 the app.use json we will add in app.use cookieSession.
22 00:01:21,540 --> 00:01:25,680 We are going to pass in a configuration object and we are going to add in two different properties to
23 00:01:25,680 --> 00:01:26,630 this thing.
24 00:01:26,700 --> 00:01:30,830 So first, remember, we're going to disable encryption on this cookie.
25 00:01:30,840 --> 00:01:34,950 We're not going to worry about someone peeking into this thing or anything like that because the JSON
26 00:01:34,950 --> 00:01:41,590 Web Token itself is already encrypted. So I'm going to put signed on here of false.
27 00:01:41,670 --> 00:01:46,320 I'm also going to require that cookies will only be used if a user is visiting our application over
28 00:01:46,320 --> 00:01:48,660 an HTTPS connection.
29 00:01:48,750 --> 00:01:50,670 That's just a very small security improvement.
30 00:01:51,030 --> 00:01:59,740 So to add that in I'm also going to add secure: true like so. For a related reason to that,
31 00:01:59,920 --> 00:02:04,390 so with this secure: true, right, you're requiring that you must be on an HTTPS connection.
32 00:02:04,420 --> 00:02:09,520 We're also going to change a very small setting on Express itself. Right after we create the Express
33 00:02:09,610 --> 00:02:09,870 app
34 00:02:09,880 --> 00:02:17,420 we're going to add app.set('trust proxy', true). The recent version may, not app.settings but
35 00:02:17,430 --> 00:02:18,280 app.set.
36 00:02:18,290 --> 00:02:19,570 That's better.
37 00:02:19,700 --> 00:02:27,270 The reason for this is that traffic is being proxied to our application through ingress-nginx. Express
38 00:02:27,270 --> 00:02:31,650 is going to see the fact that stuff is being proxied and by default Express is going to say, hey wait,
39 00:02:31,650 --> 00:02:35,070 there's a proxy here, I don't really trust this HTTPS connection.
40 00:02:35,130 --> 00:02:39,660 Long story short, we are just adding in this little step right here to make sure that Express is aware
41 00:02:39,840 --> 00:02:45,510 that it's behind a proxy of ingress-nginx and to make sure that it should still trust traffic as
42 00:02:45,510 --> 00:02:49,480 being secure even though it's coming from that proxy.
43 00:02:49,540 --> 00:02:50,440 That's it for setup.
44 00:02:50,440 --> 00:02:58,860 We're gonna save this file. So we have now made sure, back in this flow right here, that we have the ability
45 00:02:58,860 --> 00:03:03,090 to eventually set a cookie on the response it goes back to a user. The last thing we actually have to do
46 00:03:03,090 --> 00:03:07,260 is make sure that we generate that JSON Web Token and store it inside the cookie.
47 00:03:07,260 --> 00:03:11,190 Let's take a quick pause right here and discuss how we're going to generate that token in just a moment.