Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Process cookies on each redirect; upgrade to a more compliant cookie jar #58

wants to merge 2 commits into


None yet
2 participants

I've updated shred to process the cookie headers even when redirecting. A few login systems I was testing were infinitely redirecting because cookies would never stick on a 30X response.

Once I fixed this I also noticed that secure cookies were not behaving correctly.

A few reasons why I needed to use a different, more compliant, cookie lib:

  • The cookiejar npm package writes into the global namespace which causes all sorts of issues if you want to load your own cookiejar from an external source (say load from disk).
  • The cookiejar maintainer fixed the global namespace issue 2 years ago and still hasn't pushed the new changes to npm. If you require('cookiejar') any time before shred is initialised it will cause shred to fail.
  • cookiejar requires you to manually specify when you need secure cookies.. rather than parsing the url and doing it automatically.

tough-cookie has made more of a commitment to be relatively RFC compliant and seems to be maintained.


dyoder commented May 17, 2014

The NG (1.0.x) release will be reimplementing cookies. We do plan to use the tough-cookie NPM. See #70.

@dyoder dyoder closed this May 17, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment