HttpOnly not being set

[nickzelei]

I'm building a cookie that uses HttpOnly, but cookie is not outputting the HttpOnly attribute.

cookie.parse("mytoken=test; Domain=.example.com; Path=/; Expires=Thu, 25 Jan 2018 17:21:33 GMT; HttpOnly")

{ mytoken: 'test',
  Domain: '.example.com',
  Path: '/',
  Expires: 'Thu, 25 Jan 2018 17:21:33 GMT' }

[dougwilson]

The cookie.parse function (https://github.com/jshttp/cookie/blob/master/README.md#cookieparsestr-options) only parses the HTTP "Cookie" header. Your example is the HTTP "Set-Cookie" header.

[nickzelei]

My bad, thanks for the clarification!

[nitrocode]

@dougwilson @Zelein I'm confused. If I have httpOnly in my cookie string, how do I get it in the cookie parsed object? Could this be converted to a feature request to have this added?

I'd expect the above example to return:

{ mytoken: 'test',
  Domain: '.example.com',
  Path: '/',
  Expires: 'Thu, 25 Jan 2018 17:21:33 GMT', 
  httpOnly: true }

[nickzelei]

This module only handles the Cookie Header, not the Set-Cookie Header.

Sorry if this is incorrect, I'm coming into this cold having not looked at this since my previous comment.

[nitrocode]

@Zelein Thanks.

Perhaps set-cookie-parser would be more up my alley.

[dougwilson]

No, just use a module that parses the set-cookie header. Many already exist. Why add more duplicate modules?