node-cookie

Node Cookie

Easily parse and write signed & encrypted cookies on Node.js HTTP requests.

node-cookie makes it simpler to create encrypted and signed cookies for HTTP requests.

You can use it with any framework or library of your choice.

See also

• node-req
• node-res

Basic Setup

const http = require('http')
const nodeCookie = require('node-cookie')

http.createServer(function (req, res) {

  // this will update set-cookie header on res object.
  nodeCookie.create(res, 'user', 'virk')

}).listen(3000)

Signing cookies with a secret

const http = require('http')
const nodeCookie = require('node-cookie')

http.createServer(function (req, res) {

  nodeCookie.create(res, 'user', 'virk', '16charlongsecret')

}).listen(3000)

Signing & encrypting cookies with a secret

const http = require('http')
const nodeCookie = require('node-cookie')

http.createServer(function (req, res) {

  nodeCookie.create(res, 'user', 'virk', '16charlongsecret', true)

}).listen(3000)

API

Cookie

Cookie parser is a simple utility module to read and write cookies on Node.js HTTP requests. It supports cookie signing and encryption.

• parse(req, [secret], [decrypt]) ⇒ Object
• get(req, key, [secret], [decrypt], [cookies]) ⇒ Mixed
• unPackValue(value, secret, decrypt) ⇒ String
• packValue(value, [secret], [encrypt]) ⇒ String
• create(res, key, value, [options], [secret], [encrypt]) ⇒ void
• clear(res, key, [options]) ⇒ void

parse(req, [secret], [decrypt]) ⇒ Object

Parses cookies from HTTP header Cookie into a javascript object. Also it will unsign and decrypt cookies encrypted and signed by this library using a secret.

Kind: inner method of Cookie

Param	Type	Default
req	http.IncomingRequest
[secret]	String
[decrypt]	Boolean	false

Example

nodeCookie.parse(req)

// or if cookies were signed when writing
nodeCookie.parse(req, 'SECRET')

// also if cookies were encrypted
nodeCookie.parse(req, 'SECRET', true)

get(req, key, [secret], [decrypt], [cookies]) ⇒ Mixed

Returns value for a single cookie by its key. It is recommended to make use of this function when you want to pull a single cookie. Since the parse method will eagerly unsign and decrypt all the cookies.

Kind: inner method of Cookie

Param	Type	Default	Description
req	http.IncomingRequest
key	String
[secret]	String
[decrypt]	Boolean	false
[cookies]	Object		Use existing cookies object over re-parsing them from the header.

Example

nodeCookie.get(req, 'sessionId')

// if cookie was signed
nodeCookie.get(req, 'sessionId', 'SECRET')

// if cookie was encrypted
nodeCookie.get(req, 'sessionId', 'SECRET', true)

unPackValue(value, secret, decrypt) ⇒ String

Unpack cookie value by unsigning and decrypting it. Infact you can unpack any value packed via the packValue method.

Kind: inner method of Cookie

Param	Type
value	String
secret	String
decrypt	Boolean

packValue(value, [secret], [encrypt]) ⇒ String

Pack the value by properly formatting, signing and encrypting it.

Kind: inner method of Cookie

Param	Type	Default
value	String
[secret]	String
[encrypt]	Boolean	false

create(res, key, value, [options], [secret], [encrypt]) ⇒ void

Write cookie to the HTTP response object. It will append duplicate cookies to the Set-Cookie header, since browsers discard the duplicate cookies by themselves

Kind: inner method of Cookie

Param	Type	Default
res	http.ServerResponse
key	String
value	*
[options]	Object	{}
[secret]	String
[encrypt]	Boolean	false

Example

nodeCookie.create(res, 'sessionId', 1)

// sign session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET')

// sign and encrypt session id
nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET', true)

clear(res, key, [options]) ⇒ void

Clears the cookie from browser by setting it's expiry in past. This is required since there is no other way to instruct the browser to delete a cookie.

Also this method will override the expires value on the options object.

Kind: inner method of Cookie

Param	Type	Default
res	http.ServerResponse
key	String
[options]	Object	{}

Example

nodeCookie.clear(res, 'sessionId')