diff --git a/demo/server.js b/demo/server.js
index 4c5dcebc23..16c7f9540e 100644
--- a/demo/server.js
+++ b/demo/server.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const passport = require('passport');
 const path = require('path');
 const Payload = require('../src');
@@ -15,6 +16,20 @@ const payload = new Payload({
 express: expressApp,
 });
+const externalRouter = express.Router();
+
+externalRouter.use(payload.authenticate());
+
+externalRouter.get('/', (req, res) => {
+ if (req.user) {
+ return res.send(`Authenticated successfully as ${req.user.email}.`);
+ }
+
+ return res.send('Not authenticated');
+});
+
+expressApp.use('/external-route', externalRouter);
+
 exports.payload = payload;
 exports.start = (cb) => {
diff --git a/package.json b/package.json
index 63c385d9d5..6a7ba1b729 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,6 @@
 "body-parser": "^1.19.0",
 "compression": "^1.7.4",
 "connect-history-api-fallback": "^1.6.0",
- "cookie-parser": "^1.4.5",
 "date-fns": "^2.14.0",
 "deepmerge": "^4.2.2",
 "dotenv": "^6.0.0",
@@ -95,7 +94,6 @@
 "slate-react": "^0.58.3",
 "styled-components": "^5.1.1",
 "uglifyjs-webpack-plugin": "^1.3.0",
- "universal-cookie": "^3.1.0",
 "url-loader": "^1.0.1",
 "uuid": "^8.1.0",
 "val-loader": "^2.1.0",
diff --git a/src/auth/getExtractJWT.js b/src/auth/getExtractJWT.js
index 876572133e..6c1a006c3f 100644
--- a/src/auth/getExtractJWT.js
+++ b/src/auth/getExtractJWT.js
@@ -1,3 +1,5 @@
+const parseCookies = require('../utilities/parseCookies');
+
 const getExtractJWT = config => (req) => {
 const jwtFromHeader = req.get('Authorization');
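Review bot: In demo/server.js the added `const passport = require('passport');` is not referenced by any line this commit adds; the new router authenticates through `payload.authenticate()` instead. Unless the part of the file outside these hunks uses it, drop the require so the demo does not suggest that consumers must wire passport themselves.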
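Review bot: In the new `/external-route` handler in demo/server.js, `req.user.email` is interpolated into a string passed to `res.send()`, and Express serves a string body as `text/html` by default, so an email value containing markup would be rendered by the browser. Because this demo is likely to be copied as the pattern for custom authenticated routes, set the type explicitly with `res.type('text/plain')` before sending, or return `res.json({ email: req.user.email })`. The handler's `if (req.user)` test implies that `payload.authenticate()` lets unauthenticated requests through rather than rejecting them; a comment above `externalRouter.use(payload.authenticate());` such as `// Populates req.user when a valid token is present; does not reject anonymous requests` would make that contract explicit, if it is indeed the intended one.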
@@ -5,12 +7,12 @@ const getExtractJWT = config => (req) => {
 return jwtFromHeader.replace('JWT ', '');
 }
- if (req.cookies) {
- const jwt = req.cookies[`${config.cookiePrefix}-token`];
+ const cookies = parseCookies(req);
+ const tokenCookieName = `${config.cookiePrefix}-token`;
- if (jwt) {
- return jwt;
- }
+ if (cookies && cookies[tokenCookieName]) {
+ const token = cookies[tokenCookieName];
+ return token;
 }
 return null;
diff --git a/src/express/middleware/index.js b/src/express/middleware/index.js
index d30cfcc164..2a883dfe37 100644
--- a/src/express/middleware/index.js
+++ b/src/express/middleware/index.js
@@ -3,7 +3,6 @@ const passport = require('passport');
 const compression = require('compression');
 const bodyParser = require('body-parser');
 const methodOverride = require('method-override');
-const cookieParser = require('cookie-parser');
 const qsMiddleware = require('qs-middleware');
 const fileUpload = require('express-fileupload');
 const localizationMiddleware = require('../../localization/middleware');
@@ -12,7 +11,6 @@ const identifyAPI = require('./identifyAPI');
 const middleware = (config) => {
 return [
- cookieParser(),
 passport.initialize(),
 authenticate(config),
 express.json(),
diff --git a/src/express/static.js b/src/express/static.js
index f3124af899..7f9562d733 100644
--- a/src/express/static.js
+++ b/src/express/static.js
@@ -1,6 +1,5 @@
 const express = require('express');
 const passport = require('passport');
-const cookieParser = require('cookie-parser');
 const getExecuteStaticPolicy = require('../auth/getExecuteStaticPolicy');
 const authenticate = require('./middleware/authenticate');
@@ -11,7 +10,6 @@ function initStatic() {
 if (config.upload) {
 const router = express.Router();
- router.use(cookieParser());
 router.use(passport.initialize());
 router.use(authenticate(this.config));
diff --git a/src/utilities/parseCookies.js b/src/utilities/parseCookies.js
new file mode 100644
index 0000000000..6dfc0fbb28
--- /dev/null
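Review bot: In src/auth/getExtractJWT.js the `cookies &&` test can never be false, because `parseCookies` as added in this commit always returns an object, and the `token` temporary is returned unchanged on the next line. The cookie branch reduces to `const token = parseCookies(req)[tokenCookieName];` followed by `if (token) return token;`. A comment above it such as `// Authorization header takes precedence; fall back to the <cookiePrefix>-token cookie` would record the lookup order the extractor relies on. The start of the function body, where `jwtFromHeader` is tested, lies outside the hunk.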
+++ b/src/utilities/parseCookies.js
@@ -0,0 +1,15 @@
+function parseCookies(req) {
+ const list = {};
+ const rc = req.headers.cookie;
+
+ if (rc) {
+ rc.split(';').forEach((cookie) => {
+ const parts = cookie.split('=');
+ list[parts.shift().trim()] = decodeURI(parts.join('='));
+ });
+ }
+
+ return list;
+}
+
+module.exports = parseCookies;
diff --git a/yarn.lock b/yarn.lock
index 5bc967704f..6585106224 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1369,11 +1369,6 @@ resolved "https://registry.yarnpkg.com/@types/color-name/-/color-name-1.1.1.tgz#1c1261bbeaa10a8055bbc5d8ab84b7b2afc846a0" integrity sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ== -"@types/cookie@^0.3.1": - version "0.3.3" - resolved "https://registry.yarnpkg.com/@types/cookie/-/cookie-0.3.3.tgz#85bc74ba782fb7aa3a514d11767832b0e3bc6803" - integrity sha512-LKVP3cgXBT9RYj+t+9FDKwS5tdI+rPBXaNSkma7hvqy35lc7mAokC2zsqWJH0LaqIt3B962nuYI77hsJoT1gow== - "@types/cross-spawn@^6.0.1": version "6.0.1" resolved "https://registry.yarnpkg.com/@types/cross-spawn/-/cross-spawn-6.0.1.tgz#60fa0c87046347c17d9735e5289e72b804ca9b63"
@@ -1477,11 +1472,6 @@ resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.0.tgz#e486d0d97396d79beedd0a6e33f4534ff6b4973e" integrity sha512-f5j5b/Gf71L+dbqxIpQ4Z2WlmI/mPJ0fOkGGmFgtb6sAu97EPczzbS3/tJKxmcYDj55OX6ssqwDAWOHIYDRDGA== -"@types/object-assign@^4.0.30": - version "4.0.30" - resolved "https://registry.yarnpkg.com/@types/object-assign/-/object-assign-4.0.30.tgz#8949371d5a99f4381ee0f1df0a9b7a187e07e652" - integrity sha1-iUk3HVqZ9Dge4PHfCpt6GH4H5lI= - "@types/parse-json@^4.0.0": version "4.0.0" resolved "https://registry.yarnpkg.com/@types/parse-json/-/parse-json-4.0.0.tgz#2f8bb441434d163b35fb8ffdccd7138927ffb8c0"
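Review bot: In src/utilities/parseCookies.js, `decodeURI(parts.join('='))` throws a `URIError` on a malformed percent-escape, so a request with a bad `Cookie` header raises inside the JWT extractor instead of being treated as unauthenticated; nothing visible in getExtractJWT.js catches it. `decodeURI` also leaves escapes such as `%3D` and `%3B` undecoded, which `decodeURIComponent` (used by the `cookie` package behind the removed cookie-parser) would decode. Cookie names come from the request and are written onto a plain `{}`, and a repeated name overwrites the earlier value, whereas the `cookie` package keeps the first occurrence. The rewrite below decodes defensively, uses a prototype-less map and keeps the first occurrence. A short JSDoc block stating that values are percent-decoded and that malformed values are returned raw would also help.

```javascript
function parseCookies(req) {
  // Cookie names are request-controlled, so use a map with no prototype.
  const list = Object.create(null);
  // … unchanged: read req.headers.cookie into rc, guard on it …
    rc.split(';').forEach((cookie) => {
      const separator = cookie.indexOf('=');
      if (separator < 0) return; // no name=value pair

      const name = cookie.slice(0, separator).trim();
      if (!name || name in list) return; // first occurrence wins, as cookie-parser did

      const raw = cookie.slice(separator + 1).trim();
      try {
        list[name] = decodeURIComponent(raw);
      } catch (err) {
        list[name] = raw; // malformed percent-escape: keep the raw text, do not throw
      }
    });
  // … unchanged: return list, module.exports …
```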
@@ -3132,14 +3122,6 @@ convert-source-map@^1.4.0, convert-source-map@^1.5.0, convert-source-map@^1.6.0, dependencies: safe-buffer "~5.1.1" -cookie-parser@^1.4.5: - version "1.4.5" - resolved "https://registry.yarnpkg.com/cookie-parser/-/cookie-parser-1.4.5.tgz#3e572d4b7c0c80f9c61daf604e4336831b5d1d49" - integrity sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw== - dependencies: - cookie "0.4.0" - cookie-signature "1.0.6" - cookie-signature@1.0.6: version "1.0.6" resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c" @@ -3150,11 +3132,6 @@ cookie@0.4.0: resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba" integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg== -cookie@^0.3.1: - version "0.3.1" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb" - integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s= - copy-concurrently@^1.0.0: version "1.0.5" resolved "https://registry.yarnpkg.com/copy-concurrently/-/copy-concurrently-1.0.5.tgz#92297398cae34937fcafd6ec8139c18051f0b5e0" @@ -11402,16 +11379,6 @@ unique-string@^1.0.0: dependencies: crypto-random-string "^1.0.0" -universal-cookie@^3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/universal-cookie/-/universal-cookie-3.1.0.tgz#a16964ccb16cf8fa463bda1ebe86482945339ad8" - integrity sha512-sP6WuFgqIUro7ikgI2ndrsw9Ro+YvVBe5O9cQfWnjTicpLaSMUEUUDjQF8m8utzWF2ONl7tRkcZd7v4n6NnzjQ== - dependencies: - "@types/cookie" "^0.3.1" - "@types/object-assign" "^4.0.30" - cookie "^0.3.1" - object-assign "^4.1.0" - unpipe@1.0.0, unpipe@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"