Easily parse and write signed & encrypted cookies on Node.js HTTP requests.
node-cookie
makes it simpler to create encrypted and signed cookies for HTTP requests.
You can use it with any framework or library of your choice.
const http = require('http')
const nodeCookie = require('node-cookie')
http.createServer(function (req, res) {
// this will update set-cookie header on res object.
nodeCookie.create(res, 'user', 'virk')
}).listen(3000)
const http = require('http')
const nodeCookie = require('node-cookie')
http.createServer(function (req, res) {
nodeCookie.create(res, 'user', 'virk', '16charlongsecret')
}).listen(3000)
const http = require('http')
const nodeCookie = require('node-cookie')
http.createServer(function (req, res) {
nodeCookie.create(res, 'user', 'virk', '16charlongsecret', true)
}).listen(3000)
Cookie parser is a simple utility module to read and write cookies on Node.js HTTP requests. It supports cookie signing and encryption.
- parse(req, [secret], [decrypt]) ⇒
Object
- get(req, key, [secret], [decrypt], [cookies]) ⇒
Mixed
- unPackValue(value, secret, decrypt) ⇒
String
- packValue(value, [secret], [encrypt]) ⇒
String
- create(res, key, value, [options], [secret], [encrypt]) ⇒
void
- clear(res, key, [options]) ⇒
void
Parses cookies from HTTP header Cookie
into
a javascript object. Also it will unsign
and decrypt cookies encrypted and signed
by this library using a secret.
Kind: inner method of Cookie
Param | Type | Default |
---|---|---|
req | http.IncomingRequest |
|
[secret] | String |
|
[decrypt] | Boolean |
false |
Example
nodeCookie.parse(req)
// or if cookies were signed when writing
nodeCookie.parse(req, 'SECRET')
// also if cookies were encrypted
nodeCookie.parse(req, 'SECRET', true)
Returns value for a single cookie by its key. It is
recommended to make use of this function when you
want to pull a single cookie. Since the parse
method will eagerly unsign and decrypt all the
cookies.
Kind: inner method of Cookie
Param | Type | Default | Description |
---|---|---|---|
req | http.IncomingRequest |
||
key | String |
||
[secret] | String |
|
|
[decrypt] | Boolean |
false |
|
[cookies] | Object |
|
Use existing cookies object over re-parsing them from the header. |
Example
nodeCookie.get(req, 'sessionId')
// if cookie was signed
nodeCookie.get(req, 'sessionId', 'SECRET')
// if cookie was encrypted
nodeCookie.get(req, 'sessionId', 'SECRET', true)
Unpack cookie value by unsigning and decrypting
it. Infact you can unpack any value packed via
the packValue
method.
Kind: inner method of Cookie
Param | Type |
---|---|
value | String |
secret | String |
decrypt | Boolean |
Pack the value by properly formatting, signing and encrypting it.
Kind: inner method of Cookie
Param | Type | Default |
---|---|---|
value | String |
|
[secret] | String |
|
[encrypt] | Boolean |
false |
Write cookie to the HTTP response object. It will append
duplicate cookies to the Set-Cookie
header, since
browsers discard the duplicate cookies by themselves
Kind: inner method of Cookie
Param | Type | Default |
---|---|---|
res | http.ServerResponse |
|
key | String |
|
value | * |
|
[options] | Object |
{} |
[secret] | String |
|
[encrypt] | Boolean |
false |
Example
nodeCookie.create(res, 'sessionId', 1)
// sign session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET')
// sign and encrypt session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET', true)
Clears the cookie from browser by setting it's expiry in past. This is required since there is no other way to instruct the browser to delete a cookie.
Also this method will override the expires
value on
the options object.
Kind: inner method of Cookie
Param | Type | Default |
---|---|---|
res | http.ServerResponse |
|
key | String |
|
[options] | Object |
{} |
Example
nodeCookie.clear(res, 'sessionId')