cookie-node.js

NOTE: This library has been deprecated.

Please use Cookies instead. Not only is it built on the latest version of node.js without any cruft from older versions, but the signing mechanism has been factored out into Keygrip, a more flexible and performant library.

cookie-node is a cookie module for node.js, based loosely on Tornado's approach to signed cookies.

To start, require the library in your app:

var cookie = require( "./cookie-node" );

This extends the ServerRequest and ServerResponse objects, allowing you to get cookies on requests and set them on responses for server calls:

function( req, res ) {
  var name = req.getCookie( "name" ),
      length = name.length;

  res.setCookie( "name_length", length );

  res.writeHead(200, {"Content-Type": "text/html"});	
  res.write( "Your name has " + length + " characters." );	
  res.close();
}

You can also set a cookie secret to enable signed cookies, and prevent forged cookies:

cookie.secret = "myRandomSecretThatNoOneWillGuess";

so that the above becomes:

function( req, res ) {
  var name = req.getSecureCookie( "name" ),
      length = name.length;

  res.setSecureCookie( "name_length", length );

  res.writeHead(200, {"Content-Type": "text/html"});	
  res.write( "Your name has " + length + " characters." );	
  res.close();
}

(You don't need to set the secret, but your cookies will end up being invalidated when the server restarts, and you will be yelled at.)

When you set a secure cookie, the value is stored alongside its expiration date, as well as an HMAC SHA-1 digest of the two values with your secret. If a cookie's signature does not match that calculated on the server, the getSecureCookie method throws.

If you'd like to clear a cookie, just use res.clearCookie( name ).

That's about it. Send any questions or comments here.