Easily parse and write signed & encrypted cookies on Node.js HTTP requests.
node-cookie makes it simpler to create encrypted and signed cookies for HTTP requests.
You can use it with any framework or library of your choice.
const http = require('http')
const nodeCookie = require('node-cookie')
http.createServer(function (req, res) {
// this will update set-cookie header on res object.
nodeCookie.create(res, 'user', 'virk')
}).listen(3000)const http = require('http')
const nodeCookie = require('node-cookie')
http.createServer(function (req, res) {
nodeCookie.create(res, 'user', 'virk', '16charlongsecret')
}).listen(3000)const http = require('http')
const nodeCookie = require('node-cookie')
http.createServer(function (req, res) {
nodeCookie.create(res, 'user', 'virk', '16charlongsecret', true)
}).listen(3000)Cookie parser is a simple utility module to read and write cookies on Node.js HTTP requests. It supports cookie signing and encryption.
- parse(req, [secret], [decrypt]) ⇒
Object - get(req, key, [secret], [decrypt], [cookies]) ⇒
Mixed - unPackValue(value, secret, decrypt) ⇒
String - packValue(value, [secret], [encrypt]) ⇒
String - create(res, key, value, [options], [secret], [encrypt]) ⇒
void - clear(res, key, [options]) ⇒
void
Parses cookies from HTTP header Cookie into
a javascript object. Also it will unsign
and decrypt cookies encrypted and signed
by this library using a secret.
Kind: inner method of Cookie
| Param | Type | Default |
|---|---|---|
| req | http.IncomingRequest |
|
| [secret] | String |
|
| [decrypt] | Boolean |
false |
Example
nodeCookie.parse(req)
// or if cookies were signed when writing
nodeCookie.parse(req, 'SECRET')
// also if cookies were encrypted
nodeCookie.parse(req, 'SECRET', true)Returns value for a single cookie by its key. It is
recommended to make use of this function when you
want to pull a single cookie. Since the parse
method will eagerly unsign and decrypt all the
cookies.
Kind: inner method of Cookie
| Param | Type | Default | Description |
|---|---|---|---|
| req | http.IncomingRequest |
||
| key | String |
||
| [secret] | String |
|
|
| [decrypt] | Boolean |
false |
|
| [cookies] | Object |
|
Use existing cookies object over re-parsing them from the header. |
Example
nodeCookie.get(req, 'sessionId')
// if cookie was signed
nodeCookie.get(req, 'sessionId', 'SECRET')
// if cookie was encrypted
nodeCookie.get(req, 'sessionId', 'SECRET', true)Unpack cookie value by unsigning and decrypting
it. Infact you can unpack any value packed via
the packValue method.
Kind: inner method of Cookie
| Param | Type |
|---|---|
| value | String |
| secret | String |
| decrypt | Boolean |
Pack the value by properly formatting, signing and encrypting it.
Kind: inner method of Cookie
| Param | Type | Default |
|---|---|---|
| value | String |
|
| [secret] | String |
|
| [encrypt] | Boolean |
false |
Write cookie to the HTTP response object. It will append
duplicate cookies to the Set-Cookie header, since
browsers discard the duplicate cookies by themselves
Kind: inner method of Cookie
| Param | Type | Default |
|---|---|---|
| res | http.ServerResponse |
|
| key | String |
|
| value | * |
|
| [options] | Object |
{} |
| [secret] | String |
|
| [encrypt] | Boolean |
false |
Example
nodeCookie.create(res, 'sessionId', 1)
// sign session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET')
// sign and encrypt session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET', true)Clears the cookie from browser by setting it's expiry in past. This is required since there is no other way to instruct the browser to delete a cookie.
Also this method will override the expires value on
the options object.
Kind: inner method of Cookie
| Param | Type | Default |
|---|---|---|
| res | http.ServerResponse |
|
| key | String |
|
| [options] | Object |
{} |
Example
nodeCookie.clear(res, 'sessionId')