@vs-org/cookie
Advanced tools
This is simple cookie helper for handling cookie operations like create cookie, get cookie (signed or unsigned), sign cookie with secret, verify cookie signature, parse cookies from cookie string
This is simple cookie helper for handling cookie operations.
Create cookie
Note using this function depends on browser, if combination is used that is not validated but also not accepted by browser then cookie will not be saved. Make sure of options before using this function.
const { createCookie } = require("@vs-org/cookie");
const cookie = createCookie({
name: "test",
value: "test"
});
console.log(cookie); // test=test;Priority=Medium
const { getCookie } = require("@vs-org/cookie");
const cookie = getCookie("test1=test1; test=test", "test");
console.log(cookie); // "test"
const { getCookie } = require("@vs-org/cookie");
const cookie = getCookie("test1=test1; test=test.hWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ", "test", {secret: "This is cookie signing secret"});
console.log(cookie); // "test%3AhWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ"
const { parse } = require("@vs-org/cookie");
const parsedCookies = parse("test1=test1; test=test%3AhWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ");
console.log(parsedCookies); // { test1: 'test1', test: 'test%3AhWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ' }
const { sign } = require("@vs-org/cookie");
const signedCookie = sign("cookieValue","This is cookie signing secret");
console.log(signedCookie); // cookieValue%3A2V92ZahIZBNWU5aJSVZBeFNSMfNTqOl2crexQyKo
sign cookie but use different separtor
a) Package uses : as default separator for cookie and cookie signature.
b) If application has cookies containing : then separator can be passed in option to use it to sign cookie. Make sure same separator is used while verifying
const { sign } = require("@vs-org/cookie");
const signedCookie = sign("Cookie :test value", "This is cookie signing secret", { separator: "-" });
console.log(signedCookie); // Cookie%20%3Atest%20value-3KV68YGLG0GrgscHSlFoRyDgvzxaN3o0gT3oBTr7EM
const { verify } = require("@vs-org/cookie");
const isValidCookie1 = verify("cookieValue%3A2V92ZahIZBNWU5aJSVZBeFNSMfNTqOl2crexQyKo","This is cookie signing secret");
console.log(isValidCookie1); // true
const isValidCookie2 = verify("cookieValue%3Aabcdefg","This is cookie signing secret");
console.log(isValidCookie2); // false
verify cookie signature with different separator
a) Package uses : as default separator for cookie and cookie signature.
b) If application has signed cookies with different separator then separator can be passed in option which will be used for verifying signature.
const { verify } = require("@vs-org/cookie");
const isValidCookie1 = verify("Cookie%20%3Atest%20value-3KV68YGLG0GrgscHSlFoRyDgvzxaN3o0gT3oBTr7EM","This is cookie signing secret", { separator: "-" });
console.log(isValidCookie1); // true
| option | type / accepted values | Description |
|---|---|---|
name | string | Cookie name, should not contain ( ) < > @ , ; : " /[ ]?={} or spaces |
value | string | Cookie value |
encode | function | By default value will be encoded with encodeURIComponent but if custom encoding is required this option can accept encoding function. Note encoding function should always return string or else there will unexpected behaviours |
Path | string | Cookie path, by default current path will be assigned by browser |
Domain | string | Cookie domain, by default current domain will be assigned by browser |
HttpOnly | boolean | This attribute indicates, if cookie will accessible to javascript or not |
Max-Age | number | Cookie expiry in seconds |
Prefix | __Secure- , __Host- | Cookie prefix can be used only when secure is set as true and for HTTPs origins. __Secure- (this prefix cookies must be set with secure flag and from HTTPs origin), __Host- (can have only path as / and cannot have domain. Package will throw error if domain and path is provided along side this option) |
Priority | Hight, Mediym, Low | Prioriy can be set in Chrome browser only as of today. It helps browser decides cookie priority in order to strip cookies in case of limit exceeds |
Secure | boolean | only send cookies with HTTPS and not HTTP |
SameSite | true, Strict, Lax, None | Cookies used for storing sensetive information like authentication / authenticated session should have short lifetime with SameSite as "Strict" or "Lax" |
| Name | Function signature |
|---|---|
createCookie | (cookieOption: VsCookieOption) => string | never |
getCookie | (cookies: string, cookieName: string, options?: {decode?: Function; secret?: string; separator?: string;}) => string | never |
parse | (cookies: string, decode: Function = decodeURIComponent) => object | never |
sign | (cookie: string, secret: string, options: { separator?: string; encode?: Function }) => string | never |
verify | (cookie: string, secret: string, options: { separator?: string; decode?: Function }) => boolean | never |
This package is experimental and not production ready. Should only be used for developement or POC. Also this package is not actively maintained.
MIT (see LICENSE)
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.