diff --git a/index.js b/index.js
index dd6d479..12ac087 100644
--- a/index.js
+++ b/index.js
@@ -49,15 +49,19 @@ function cookieParser (secret, options) {
     var cookies = req.headers.cookie
 
     req.secret = secrets[0]
-    req.cookies = Object.create(null)
-    req.signedCookies = Object.create(null)
+    req.cookies = {}
+    req.signedCookies = {}
 
     // no cookies
-    if (!cookies) {
+    if (!cookies || cookies.trim().length === 0) {
       return next()
     }
 
-    req.cookies = cookie.parse(cookies, options)
+    try {
+      req.cookies = cookie.parse(cookies, options) || {}
+    } catch (err) {
+      req.cookies = {}
+    }
 
     // parse signed cookies
     if (secrets.length !== 0) {
diff --git a/test/express5-null-cookies.test.js b/test/express5-null-cookies.test.js
new file mode 100644
index 0000000..bf4530e
--- /dev/null
+++ b/test/express5-null-cookies.test.js
@@ -0,0 +1,54 @@
+const assert = require('assert')
+const http = require('http')
+const express = require('express')
+const cookieParser = require('../index') // local cookie-parser
+
+describe('Issue #128 (Express 5 integration)', function () {
+  let server
+
+  before(function (done) {
+    const app = express()
+    app.use(cookieParser())
+
+    // Add a simple route
+    app.get('/', (req, res) => {
+      res.json({
+        cookies: req.cookies,
+        hasCookiesKey: Object.prototype.hasOwnProperty.call(req, 'cookies'),
+        type: typeof req.cookies
+      })
+    })
+
+    server = http.createServer(app).listen(4000, done)
+  })
+
+  after(function (done) {
+    server.close(done)
+  })
+
+  it('should return {} when no Cookie header is present', function (done) {
+    http.get('http://localhost:4000/', (res) => {
+      let data = ''
+      res.on('data', (chunk) => (data += chunk))
+      res.on('end', () => {
+        const parsed = JSON.parse(data)
+        assert.ok(parsed.hasCookiesKey, 'req should have a cookies key')
+        assert.deepStrictEqual(parsed.cookies, {}, 'req.cookies should be {}')
+        done()
+      })
+    })
+  })
+
+  it('should return {} when Cookie header is empty', function (done) {
+    const opts = { hostname: 'localhost', port: 4000, path: '/', headers: { Cookie: '' } }
+    http.get(opts, (res) => {
+      let data = ''
+      res.on('data', (chunk) => (data += chunk))
+      res.on('end', () => {
+        const parsed = JSON.parse(data)
+        assert.deepStrictEqual(parsed.cookies, {}, 'req.cookies should be {}')
+        done()
+      })
+    })
+  })
+})
diff --git a/test/req-cookies-null.test.js b/test/req-cookies-null.test.js
new file mode 100644
index 0000000..6a664a4
--- /dev/null
+++ b/test/req-cookies-null.test.js
@@ -0,0 +1,28 @@
+const express = require('express');
+const request = require('supertest');
+const cookieParser = require('..');
+
+describe('Issue #128 - req.cookies showing null', function () {
+  it('should default req.cookies to {} when no Cookie header is sent', function (done) {
+    const app = express();
+    app.use(cookieParser());
+
+    app.get('/', (req, res) => res.json(req.cookies));
+
+    request(app)
+      .get('/')
+      .expect(200, {}, done);
+  });
+
+  it('should default req.cookies to {} when Cookie header is empty', function (done) {
+    const app = express();
+    app.use(cookieParser());
+
+    app.get('/', (req, res) => res.json(req.cookies));
+
+    request(app)
+      .get('/')
+      .set('Cookie', '')
+      .expect(200, {}, done);
+  });
+});