Encrypted Cookies

[nburoojy]

We would like to encrypt cookie contents instead of encode+sign. Would this feature fall within the scope of cookie-parser?

For reference, a similar feature has been requested in cookie-session and cookies:
expressjs/cookie-session#9
pillarjs/cookies#42

[Fishrock123]

Whenever pillarjs/cookies#42 lands

[hex7c0]

Hi, I write https://github.com/hex7c0/cookie-encryption.
maybe for @jonathanong can be useful for his implementation

[ebourmalo]

I was also looking for this option and didn't find anything. I made a super-easy to use express middleware to achieve transparently cookie encryption / decryption: cookie-encrypter.

var app = express();
app.use(cookieParser(secretKey));
app.use(cookieEncrypter(secretKey));

Hope this helps

[aviqbaihaqy]

hi, this is support for laravel encrypted cookie?

[FadhiliNjagi]

Hey, I'm going to attempt to add support for cookie encryption. I am also going to modify the README to highlight the difference between signing and encrypting, and to give tips on creating strong keys.

[FadhiliNjagi]

I'm trying to add cookie encryption to the main express repo, but I run into this when I go to create a PR:

I even created and published a whole npm package just to handle encryption, kind of like cookie-signature. The idea is to add the encryption bit to the main express repo and the decryption bit here. The cookie-encryptor library works, but it is essentially hacking around by creating a middleware that overwrites the res.cookie method. I wanted to add "native" support. Please help.

[FadhiliNjagi]

I am now able to open a PR. Must be a one-time thing.