node package manager

node-cookie

Node Cookie

Easily parse and write signed & encrypted cookies on Node.js HTTP requests.

NPM Version Build Status Appveyor Coveralls

node-cookie makes it simpler to create encrypted and signed cookies for HTTP requests.

You can use it with any framework or library of your choice.

See also

  1. node-req
  2. node-res

Basic Setup

const http = require('http')
const nodeCookie = require('node-cookie')
 
http.createServer(function (req, res) {
 
  // this will update set-cookie header on res object.
  nodeCookie.create(res, 'user', 'virk')
 
}).listen(3000)

Signing cookies with a secret

const http = require('http')
const nodeCookie = require('node-cookie')
 
http.createServer(function (req, res) {
 
  nodeCookie.create(res, 'user', 'virk', '16charlongsecret')
 
}).listen(3000)

Signing & encrypting cookies with a secret

const http = require('http')
const nodeCookie = require('node-cookie')
 
http.createServer(function (req, res) {
 
  nodeCookie.create(res, 'user', 'virk', '16charlongsecret', true)
 
}).listen(3000)

API

Cookie

Cookie parser is a simple utility module to read and write cookies on Node.js HTTP requests. It supports cookie signing and encryption.

parse(req, [secret], [decrypt]) ⇒ Object

Parses cookies from HTTP header Cookie into a javascript object. Also it will unsign and decrypt cookies encrypted and signed by this library using a secret.

Kind: inner method of Cookie

Param Type Default
req http.IncomingRequest
[secret] String
[decrypt] Boolean false

Example

nodeCookie.parse(req)
 
// or if cookies were signed when writing
nodeCookie.parse(req, 'SECRET')
 
// also if cookies were encrypted
nodeCookie.parse(req, 'SECRET', true)

get(req, key, [secret], [decrypt], [cookies]) ⇒ Mixed

Returns value for a single cookie by its key. It is recommended to make use of this function when you want to pull a single cookie. Since the parse method will eagerly unsign and decrypt all the cookies.

Kind: inner method of Cookie

Param Type Default Description
req http.IncomingRequest
key String
[secret] String
[decrypt] Boolean false
[cookies] Object Use existing cookies object over re-parsing them from the header.

Example

nodeCookie.get(req, 'sessionId')
 
// if cookie was signed
nodeCookie.get(req, 'sessionId', 'SECRET')
 
// if cookie was encrypted
nodeCookie.get(req, 'sessionId', 'SECRET', true)

unPackValue(value, secret, decrypt) ⇒ String

Unpack cookie value by unsigning and decrypting it. Infact you can unpack any value packed via the packValue method.

Kind: inner method of Cookie

Param Type
value String
secret String
decrypt Boolean

packValue(value, [secret], [encrypt]) ⇒ String

Pack the value by properly formatting, signing and encrypting it.

Kind: inner method of Cookie

Param Type Default
value String
[secret] String
[encrypt] Boolean false

create(res, key, value, [options], [secret], [encrypt]) ⇒ void

Write cookie to the HTTP response object. It will append duplicate cookies to the Set-Cookie header, since browsers discard the duplicate cookies by themselves

Kind: inner method of Cookie

Param Type Default
res http.ServerResponse
key String
value *
[options] Object {}
[secret] String
[encrypt] Boolean false

Example

nodeCookie.create(res, 'sessionId', 1)
 
// sign session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET')
 
// sign and encrypt session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET', true)

clear(res, key, [options]) ⇒ void

Clears the cookie from browser by setting it's expiry in past. This is required since there is no other way to instruct the browser to delete a cookie.

Also this method will override the expires value on the options object.

Kind: inner method of Cookie

Param Type Default
res http.ServerResponse
key String
[options] Object {}

Example

nodeCookie.clear(res, 'sessionId')