set-cookie-parser
Advanced tools
Supply Chain Security
Vulnerability
Quality
Maintenance
License
The set-cookie-parser package is a Node.js module that provides utilities for parsing and splitting the Set-Cookie headers found in HTTP responses. It can be used to extract cookie data in a structured format, making it easier to handle cookies in server-side applications.
Parse Set-Cookie Headers
This feature allows you to parse the Set-Cookie header from an HTTP response and convert it into an array of cookie objects.
const setCookie = require('set-cookie-parser');
const cookies = setCookie.parse(responseHeaders);
// responseHeaders should be the Set-Cookie header string or an array of Set-Cookie header strings.Parse Set-Cookie Headers with options
This feature allows you to parse the Set-Cookie header with additional options, such as returning a map of cookies for easier access by cookie name.
const setCookie = require('set-cookie-parser');
const cookies = setCookie.parse(responseHeaders, { map: true });
// responseHeaders should be the Set-Cookie header string or an array of Set-Cookie header strings. The option { map: true } will return an object map of cookies instead of an array.Split a Set-Cookie string
This feature allows you to split a Set-Cookie header string into an array of individual cookie strings, which can then be parsed separately.
const setCookie = require('set-cookie-parser');
const splitCookies = setCookie.splitCookiesString(cookieHeader);
// cookieHeader should be the full Set-Cookie header string.The 'cookie' package is used for parsing and serializing cookie headers. It provides similar functionalities for parsing cookies but does not focus exclusively on the Set-Cookie header.
The 'tough-cookie' package is a more comprehensive solution for handling cookies in Node.js. It includes parsing, serialization, and cookie jar management, which can store and retrieve cookies like a web browser.
The 'cookies' package is designed to work with Node.js HTTP servers, providing a higher-level API for setting and getting cookies in server-side applications, but it does not specifically focus on parsing Set-Cookie headers.
ℹ️ Note for current users: I'm considering some changes for the next major version and would appreciate your feedback: https://github.com/nfriedly/set-cookie-parser/discussions/68
Parses set-cookie headers into JavaScript objects
Accepts a single set-cookie header value, an array of set-cookie header values, a Node.js response object, or a fetch() Response object that may have 0 or more set-cookie headers.
Also accepts an optional options object. Defaults:
{
decodeValues: true, // Calls decodeURIComponent on each value - default: true
map: false, // Return an object instead of an array - default: false
silent: false, // Suppress the warning that is logged when called on a request instead of a response - default: false
}
Returns either an array of cookie objects or a map of name => cookie object with {map: true}. Each cookie object will have, at a minimum name and value properties, and may have additional properties depending on the set-cookie header:
name - cookie name (string)value - cookie value (string)path - URL path to limit the scope to (string or undefined)domain - domain to expand the scope to (string or undefined, may begin with "." to indicate the named domain or any subdomain of it)expires - absolute expiration date for the cookie (Date object or undefined)maxAge - relative expiration time of the cookie in seconds from when the client receives it (integer or undefined)
maxAge by 1000 to convert to milliseconds.secure - indicates cookie should only be sent over HTTPs (true or undefined)httpOnly - indicates cookie should not be accessible to client-side JavaScript (true or undefined)sameSite - indicates if cookie should be included in cross-site requests (more info) (string or undefined)
"Strict", "Lax", and "None", but set-cookie-parser coppies the value verbatim and does not perform any validation.partitioned - indicates cookie should be scoped to the combination of 3rd party domain + top page domain (more info) (true or undefined)(The output format is loosely based on the input format of https://www.npmjs.com/package/cookie)
$ npm install --save set-cookie-parser
var http = require('http');
var setCookie = require('set-cookie-parser');
http.get('http://example.com', function(res) {
var cookies = setCookie.parse(res, {
decodeValues: true // default: true
});
cookies.forEach(console.log);
}
Example output:
[
{
name: 'bam',
value: 'baz'
},
{
name: 'foo',
value: 'bar',
path: '/',
expires: new Date('Tue Jul 01 2025 06:01:11 GMT-0400 (EDT)'),
maxAge: 1000,
domain: '.example.com',
secure: true,
httpOnly: true,
sameSite: 'lax'
}
]
var http = require('http');
var setCookie = require('set-cookie-parser');
http.get('http://example.com', function(res) {
var cookies = setCookie.parse(res, {
decodeValues: true, // default: true
map: true // default: false
});
var desiredCookie = cookies['session'];
console.log(desiredCookie);
});
Example output:
{
bam: {
name: 'bam',
value: 'baz'
},
foo: {
name: 'foo',
value: 'bar',
path: '/',
expires: new Date('Tue Jul 01 2025 06:01:11 GMT-0400 (EDT)'),
maxAge: 1000,
domain: '.example.com',
secure: true,
httpOnly: true,
sameSite: 'lax'
}
}
This library can be used in conjunction with the cookie library to modify and replace set-cookie headers:
const libCookie = require('cookie');
const setCookie = require('set-cookie-parser');
function modifySetCookie(res){
// parse the set-cookie headers with this library
let cookies = setCookie.parse(res);
// modify the cookies here
// ...
// create new set-cookie headers using the cookie library
res.headers['set-cookie'] = cookies.map(function(cookie) {
return libCookie.serialize(cookie.name, cookie.value, cookie);
});
}
See a real-world example of this in unblocker
React Native follows the Fetch spec more closely and combines all of the Set-Cookie header values into a single string.
The splitCookiesString method reverses this.
var setCookie = require('set-cookie-parser');
var response = fetch(/*...*/);
// This is mainly for React Native; Node.js does not combine set-cookie headers.
var combinedCookieHeader = response.headers.get('Set-Cookie');
var splitCookieHeaders = setCookie.splitCookiesString(combinedCookieHeader)
var cookies = setCookie.parse(splitCookieHeaders);
console.log(cookies); // should be an array of cookies
This behavior may become a default part of parse in the next major release, but requires the extra step for now.
Note that the fetch() spec now includes a getSetCookie() method that provides un-combined Set-Cookie headers. This library will automatically use that method if it is present.
Parses cookies from a string, array of strings, or a http response object.
Always returns an array, regardless of input format. (Unless the map option is set, in which case it always returns an object.)
Parses a single set-cookie header value string. Options default is {decodeValues: true}. Used under-the-hood by parse().
Returns an object.
It's uncommon, but the HTTP spec does allow for multiple of the same header to have their values combined (comma-separated) into a single header.
This method splits apart a combined header without choking on commas that appear within a cookie's value (or expiration date).
Returns an array of strings that may be passed to parse().
MIT © Nathan Friedly
v2.7.1 - 2024-10-21
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Koishi plugin silently exfiltrates messages with hex strings to a hardcoded QQ account, exposing secrets in chatbots across platforms.
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.
Security News
The Node.js TSC opted not to endorse a feature bounty program, citing concerns about incentives, governance, and project neutrality.