Use the Response.cookie() method to manipulate your cookies.

Examples:

res.cookie('username', 'Flavio')

This method accepts a third parameter which contains various options:

res.cookie('username', 'Flavio', { domain: '.flaviocopes.com', path: '/administrator', secure: true })

res.cookie('username', 'Flavio', { expires: new Date(Date.now() + 900000), httpOnly: true })

The most useful parameters you can set are:

Value Description
domain the cookie domain name
expires set the cookie expiration date. If missing, or 0, the cookie is a session cookie
httpOnly set the cookie to be accessible only by the web server. See HttpOnly
maxAge set the expiry time relative to the current time, expressed in milliseconds
path the cookie path. Defaults to /
secure Marks the cookie HTTPS only
signed set the cookie to be signed
sameSite Value of SameSite

A cookie can be cleared with

res.clearCookie('username')