secure-cookie

secure-cookie

Nodejs cookie library with signing and encryption support. Inspired from cookies and crypto-utils/keygrip

Installation

This library is published in the NPM registry and can be installed using any compatible package manager.

npm install secure-cookie --save

# For Yarn, use the command below.
yarn add secure-cookie

Documentation

Signed Cookies

const {Cookies, KeyStore} = require('secure-cookies')

const app = express()
app.use(Cookies.express({
  signed: true,
  keyStore: new KeyStore({
    signing: {
      keys: ["mysigningkey"]
    }
  })
}))

//In a route handler
app.get('/some-route', function (req, res, next) {
  //This will create a cookie named MC with given value.
  // Because of signing is enabled, a new cookie with MC.sig will also be created
  // and would contain signature of the cookie.
  req.cookies.set('MC', "someValue")
})

Encrypted Cookies

const {Cookies, KeyStore} = require('secure-cookies')

const app = express()

app.use(Cookies.express({
  signed: true,
  keyStore: new KeyStore({
    encryption: {
      keys: ["24bitsecretmustbechanged"]
    }
  })
}))

app.get('/set-cookie', function (req, res, next) {
  //This will create a cookie named MC with and with its encrtypted value.
  req.cookies.set('MC', "someValue")
})
app.get('/get-cookie', function (req, res, next) {
  // get decrypted value without hassle
  const myCookie = req.cookies.get('MC')
  assert.equal(myCookie, "someValue")
})

For all options and internals have a look at to API documentation.

License

Released under MIT License.