@vs-org/cookie NPM

vs-cookie

This is simple cookie helper for handling cookie operations.

Usage

Create cookie
Note using this function depends on browser, if combination is used that is not validated but also not accepted by browser then cookie will not be saved. Make sure of options before using this function.

const { createCookie } = require("@vs-org/cookie");

const cookie = createCookie({
    name: "test",
    value: "test"
  });

console.log(cookie); // test=test;Priority=Medium

Get unsigned cookie value

const { getCookie } = require("@vs-org/cookie");

const cookie = getCookie("test1=test1; test=test", "test");

console.log(cookie); // "test"

Get signed cookie value

const { getCookie } = require("@vs-org/cookie");

const cookie = getCookie("test1=test1; test=test.hWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ", "test", {secret: "This is cookie signing secret"});

console.log(cookie); // "test%3AhWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ"

Parse all cookies

const { parse } = require("@vs-org/cookie");

const parsedCookies = parse("test1=test1; test=test%3AhWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ");

console.log(parsedCookies); // { test1: 'test1', test: 'test%3AhWtzMM7E4KTirRm3N8GZ4DB5E1b9j4DVtMYh4zkwvQ' }

sign cookie

const { sign } = require("@vs-org/cookie");

const signedCookie = sign("cookieValue","This is cookie signing secret");

console.log(signedCookie); // cookieValue%3A2V92ZahIZBNWU5aJSVZBeFNSMfNTqOl2crexQyKo

sign cookie but use different separtor
a) Package uses : as default separator for cookie and cookie signature. b) If application has cookies containing : then separator can be passed in option to use it to sign cookie. Make sure same separator is used while verifying

const { sign } = require("@vs-org/cookie");

const signedCookie = sign("Cookie :test value", "This is cookie signing secret", { separator: "-" });

console.log(signedCookie); // Cookie%20%3Atest%20value-3KV68YGLG0GrgscHSlFoRyDgvzxaN3o0gT3oBTr7EM

verify cookie signature

const { verify } = require("@vs-org/cookie");

const isValidCookie1 = verify("cookieValue%3A2V92ZahIZBNWU5aJSVZBeFNSMfNTqOl2crexQyKo","This is cookie signing secret");

console.log(isValidCookie1); // true


const isValidCookie2 = verify("cookieValue%3Aabcdefg","This is cookie signing secret");

console.log(isValidCookie2); // false

verify cookie signature with different separator
a) Package uses : as default separator for cookie and cookie signature. b) If application has signed cookies with different separator then separator can be passed in option which will be used for verifying signature.

const { verify } = require("@vs-org/cookie");

const isValidCookie1 = verify("Cookie%20%3Atest%20value-3KV68YGLG0GrgscHSlFoRyDgvzxaN3o0gT3oBTr7EM","This is cookie signing secret", { separator: "-" });

console.log(isValidCookie1); // true

Options

option	type / accepted values	Description
`name`	string	Cookie name, should not contain `( ) < > @ , ; : " /[ ]?={}` or spaces
`value`	string	Cookie value
`encode`	function	By default value will be encoded with `encodeURIComponent` but if custom encoding is required this option can accept encoding function. Note encoding function should always return `string` or else there will unexpected behaviours
`Path`	string	Cookie path, by default current path will be assigned by browser
`Domain`	string	Cookie domain, by default current domain will be assigned by browser
`HttpOnly`	boolean	This attribute indicates, if cookie will accessible to javascript or not
`Max-Age`	number	Cookie expiry in seconds
`Prefix`	`__Secure- , __Host-`	Cookie prefix can be used only when secure is set as true and for HTTPs origins. `__Secure-` (this prefix cookies must be set with secure flag and from HTTPs origin), `__Host-` (can have only path as `/` and cannot have domain. Package will throw error if domain and path is provided along side this option)
`Priority`	`Hight, Mediym, Low`	Prioriy can be set in Chrome browser only as of today. It helps browser decides cookie priority in order to strip cookies in case of limit exceeds
`Secure`	boolean	only send cookies with HTTPS and not HTTP
`SameSite`	`true, Strict, Lax, None`	Cookies used for storing sensetive information like authentication / authenticated session should have short lifetime with SameSite as "Strict" or "Lax"

VS Cookie function signatures

Name	Function signature
`createCookie`	`(cookieOption: VsCookieOption) => string \\| never`
`getCookie`	`(cookies: string, cookieName: string, options?: {decode?: Function; secret?: string; separator?: string;}) => string \\| never`
`parse`	`(cookies: string, decode: Function = decodeURIComponent) => object \\| never`
`sign`	`(cookie: string, secret: string, options: { separator?: string; encode?: Function }) => string \\| never`
`verify`	`(cookie: string, secret: string, options: { separator?: string; decode?: Function }) => boolean \\| never`