Company News
Connect with Socket at RSA and BSidesSF 2024
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
By Sarah Gooding - Apr 15, 2024
cookie-parser
Advanced tools
- Version published
- Maintainers
- 2
- Weekly downloads
- 3,040,572
- decreased by-1.73%
Weekly downloads
Package description
What is cookie-parser?
The cookie-parser npm package is a middleware which parses cookies attached to the client request object. It can parse signed cookies with a secret and populate req.cookies with an object keyed by cookie names. It's commonly used in Express and Connect applications.
What are cookie-parser's main functionalities?
Parse Cookies
This code sets up an Express server that uses cookie-parser to parse cookies from the request. It logs the cookies to the console on a GET request to the root path.
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
app.use(cookieParser());
app.get('/', (req, res) => {
console.log('Cookies: ', req.cookies);
res.send('Check the console for cookies');
});
app.listen(3000);Parse Signed Cookies
This code demonstrates how to use cookie-parser to parse signed cookies. The secret provided to cookieParser() is used to validate the signed cookies, which are then available in req.signedCookies.
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
app.use(cookieParser('yourSecret')); // Replace 'yourSecret' with your actual secret string
app.get('/', (req, res) => {
console.log('Signed Cookies: ', req.signedCookies);
res.send('Check the console for signed cookies');
});
app.listen(3000);Other packages similar to cookie-parser
express-session
While not exclusively for cookie parsing, express-session is a session management middleware that can handle cookies. It provides more features for managing user sessions, such as storing session data on the server and using a session store that is compatible with Express.
tough-cookie
tough-cookie is a more low-level package for handling cookies in Node.js. It can parse and serialize cookies, and it's designed to be a robust server-side cookie library. It does not integrate with Express/Connect middleware out of the box and requires more manual handling compared to cookie-parser.
cookies
The cookies package is another alternative for handling cookies in Node.js. It provides a higher-level abstraction than tough-cookie and includes features for setting, getting, and managing HTTP cookies. It's similar to cookie-parser but offers a different API and additional capabilities for cookie management.
Readme
cookie-parser
Parse Cookie header and populate req.cookies with an object keyed by the
cookie names. Optionally you may enable signed cookie support by passing a
secret string, which assigns req.secret so it may be used by other
middleware.
Installation
$ npm install cookie-parser
API
var cookieParser = require('cookie-parser')
cookieParser(secret, options)
Create a new cookie parser middleware function using the given secret and
options.
secreta string or array used for signing cookies. This is optional and if not specified, will not parse signed cookies. If a string is provided, this is used as the secret. If an array is provided, an attempt will be made to unsign the cookie with each secret in order.optionsan object that is passed tocookie.parseas the second option. See cookie for more information.decodea function to decode the value of the cookie
The middleware will parse the Cookie header on the request and expose the
cookie data as the property req.cookies and, if a secret was provided, as
the property req.signedCookies. These properties are name value pairs of the
cookie name to cookie value.
When secret is provided, this module will unsign and validate any signed cookie
values and move those name value pairs from req.cookies into req.signedCookies.
A signed cookie is a cookie that has a value prefixed with s:. Signed cookies
that fail signature validation will have the value false instead of the tampered
value.
In addition, this module supports special "JSON cookies". These are cookie where
the value is prefixed with j:. When these values are encountered, the value will
be exposed as the result of JSON.parse. If parsing fails, the original value will
remain.
cookieParser.JSONCookie(str)
Parse a cookie value as a JSON cookie. This will return the parsed JSON value if it was a JSON cookie, otherwise, it will return the passed value.
cookieParser.JSONCookies(cookies)
Given an object, this will iterate over the keys and call JSONCookie on each
value, replacing the original value with the parsed value. This returns the
same object that was passed in.
cookieParser.signedCookie(str, secret)
Parse a cookie value as a signed cookie. This will return the parsed unsigned
value if it was a signed cookie and the signature was valid. If the value was
not signed, the original value is returned. If the value was signed but the
signature could not be validated, false is returned.
The secret argument can be an array or string. If a string is provided, this
is used as the secret. If an array is provided, an attempt will be made to
unsign the cookie with each secret in order.
cookieParser.signedCookies(cookies, secret)
Given an object, this will iterate over the keys and check if any value is a signed cookie. If it is a signed cookie and the signature is valid, the key will be deleted from the object and added to the new object that is returned.
The secret argument can be an array or string. If a string is provided, this
is used as the secret. If an array is provided, an attempt will be made to
unsign the cookie with each secret in order.
Example
var express = require('express')
var cookieParser = require('cookie-parser')
var app = express()
app.use(cookieParser())
app.get('/', function (req, res) {
// Cookies that have not been signed
console.log('Cookies: ', req.cookies)
// Cookies that have been signed
console.log('Signed Cookies: ', req.signedCookies)
})
app.listen(8080)
// curl command that sends an HTTP request with two cookies
// curl http://127.0.0.1:8080 --cookie "Cho=Kim;Greet=Hello"
License
Keywords
FAQs
Parse HTTP request cookies
The npm package cookie-parser receives a total of 2,470,843 weekly downloads. As such, cookie-parser popularity was classified as popular.
We found that cookie-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Last updated on 16 Nov 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
OSI to Lead Discussions on Navigating the Challenges of Doing Business with Open Source
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.
By Sarah Gooding - Apr 12, 2024
Product
Introducing Dependency Visualization: An Interactive Way to See Dependencies at a Glance
We're introducing dependency visualization for reports - get a quick impression of the state of your dependencies without getting lost in the details.
By Eli Insua - Apr 11, 2024