Cookies

Anton edited this page Dec 19, 2019 · 8 revisions

The default export of the package, Cookies implements the constructor and the methods to get and set cookies.

Cookies: The interface for Cookies: signed and unsigned cookies based on Keygrip.

Name Type & Description
constructor new (request: !http.IncomingMessage, response: !http.ServerResponse, options?: !CookiesOptions) => Cookies
Creates a new cookies object to handle cookies.
keys !Keygrip
The keys object constructed from passed keys (private, will be installed from options).
secure boolean
Explicitly specifies if the connection is secure (private, will be installed from options).
get (name: string, opts?: { signed: boolean }) => (string | undefined)
This extracts the cookie with the given name from the Cookie header in the request. If such a cookie exists, its value is returned. Otherwise, nothing is returned. { signed: true } can optionally be passed as the second parameter (opts). In this case, a signature cookie (a cookie of the same name with the .sig suffix appended) is fetched. If no such cookie exists, nothing is returned. If the signature cookie does exist, the provided Keygrip object is used to check whether the hash of cookie-name=cookie-value matches that of any registered key:
  • If the signature cookie hash matches the first key, the original cookie value is returned.
  • If the signature cookie hash matches any other key, the original cookie value is returned AND an outbound header is set to update the signature cookie's value to the hash of the first key. This enables automatic freshening of signature cookies that have become stale due to key rotation.
  • If the signature cookie hash does not match any key, nothing is returned, and an outbound header with an expired date is used to delete the cookie.
set (name: string, value?: ?string, attributes?: !CookieSetOptions) => void
This sets the given cookie in the response and returns the current context to allow chaining. If the value is omitted, an outbound header with an expired date is used to delete the cookie.

CookieSetOptions extends CookieAttributes: How the cookie will be set.

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| signed | boolean | Indicates whether the cookie is to be signed. If this is true, another cookie of the same name with the .sig suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of cookie-name=cookie-value against the first Keygrip key. This signature key is used to detect tampering the next time a cookie is received. | false |
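The three outcomes of a signed get under key rotation, as an added example that is not the package's own code. It assumes the signature is an HMAC-SHA1 of cookie-name=cookie-value under each key; `sign`, `indexOfKey`, `getSigned` and the sample keys and cookie jars are hypothetical names and constructed values.

```javascript
// Added example, not the package's source. Assumes HMAC-SHA1 per key.
const crypto = require('crypto');

// 27-character url-safe base64 signature of `data` under one key.
function sign(data, key) {
  return crypto.createHmac('sha1', key).update(data).digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Index of the key that produced `sig`, or -1. Compares in constant time.
function indexOfKey(data, sig, keys) {
  const got = Buffer.from(String(sig));
  for (let i = 0; i < keys.length; i++) {
    const want = Buffer.from(sign(data, keys[i]));
    if (want.length === got.length && crypto.timingSafeEqual(want, got)) return i;
  }
  return -1;
}

// Mirrors the three outcomes documented for get(name, { signed: true }).
// `jar` is a constructed map of cookie names to values parsed from the request.
function getSigned(jar, name, keys) {
  const value = jar[name];
  const sig = jar[`${name}.sig`];
  if (value === undefined || sig === undefined) return { value: undefined, action: 'none' };
  const data = `${name}=${value}`;
  const idx = indexOfKey(data, sig, keys);
  if (idx === 0) return { value, action: 'none' };            // current key
  if (idx > 0) return { value, action: 'refresh', newSig: sign(data, keys[0]) }; // rotated key
  return { value: undefined, action: 'expire' };              // no key matches
}

// Constructed sample: keys listed newest first after a rotation.
const keys = ['new-key-2019', 'old-key-2018'];
const fresh = { session: 'u42', 'session.sig': sign('session=u42', keys[0]) };
const stale = { session: 'u42', 'session.sig': sign('session=u42', keys[1]) };
const tampered = { session: 'admin', 'session.sig': stale['session.sig'] };

console.log(getSigned(fresh, 'session', keys));
console.log(getSigned(stale, 'session', keys));
console.log(getSigned(tampered, 'session', keys));
```

Because the cookie name is part of the signed string, a signature copied from one cookie does not validate another cookie that carries the same value.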