== How to fix it in Express.js

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,javascript,diff-id=1,diff-type=noncompliant]
----
import express from "express";
import cookieParser from "cookie-parser";

const app = express();
app.use(cookieParser());

app.get("/checkcookie", (req, res) => {
    if (req.cookies["connect.sid"] === undefined) {
        const cookie = req.query.cookie;
        res.cookie("connect.sid", cookie); // Noncompliant
    }

    return res.redirect("/welcome");
});
----

==== Compliant solution

[source,javascript,diff-id=1,diff-type=compliant]
----
import express from "express";
import cookieParser from "cookie-parser";

const app = express();
app.use(cookieParser());

app.get("/checkcookie", (req, res) => {
    if (req.cookies["connect.sid"] === undefined) {
        return res.redirect("/getcookie");
    }

    return res.redirect("/welcome");
});
----

include::../../common/fix/how-does-this-work.adoc[]