, tls = req.connection.encrypted || (trustProxy && 'https' == proto)
, secured = cookie.secure && tls
, isNew = unsignedCookie != req.sessionID;
// only send secure cookies via https
if (cookie.secure && !secured) return debug('not secured');
// browser-session length cookie
if (null == cookie.expires) {
if (!isNew) return debug('already set browser-session cookie');
// compare hashes and ids
} else if (originalHash == hash(req.session) && originalId == req.session.id) {
return debug('unmodified session');
}
var val = 's:' + signature.sign(req.sessionID, secret);
val = cookie.serialize(key, val);
debug('set-cookie %s', val);
res.setHeader('Set-Cookie', val);
});
/**
 * Persist the CSRF secret for this request.
 *
 * Cookie storage wins when cookie options are supplied: the secret is
 * written with setcookie(), optionally signed with `req.secret` and
 * prefixed `s:`. Requesting a signed cookie without a secret is a
 * configuration error and throws rather than silently emitting an
 * unsigned cookie. Without cookie options the secret is stored on the
 * session object found at `req[sessionKey]` as `csrfSecret`; if neither
 * store is available the middleware is misconfigured and we throw.
 *
 * @param {IncomingMessage} req
 * @param {ServerResponse} res
 * @param {String} sessionKey  property on `req` holding the session
 * @param {String} val         the secret to store
 * @param {Object} [cookie]    cookie options (`key`, `signed`, ...)
 */
function setsecret(req, res, sessionKey, val, cookie) {
  if (cookie) {
    var token = val
    if (cookie.signed) {
      var signingSecret = req.secret
      if (!signingSecret) {
        throw new Error('cookieParser("secret") required for signed cookies')
      }
      token = 's:' + sign(token, signingSecret)
    }
    setcookie(res, cookie.key, token, cookie)
    return
  }

  var session = req[sessionKey]
  if (!session) {
    /* istanbul ignore next: should never actually run */
    throw new Error('misconfigured csrf')
  }
  session.csrfSecret = val
}
res.cookie = function(name, val, options){
options = mixin({}, options);
var secret = this.req.secret;
var signed = options.signed;
if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
if ('number' == typeof val) val = val.toString();
if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
if (signed) val = 's:' + sign(val, secret);
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) options.path = '/';
var headerVal = cookie.serialize(name, String(val), options);
// supports multiple 'res.cookie' calls by getting previous value
var prev = this.get('Set-Cookie');
if (prev) {
if (Array.isArray(prev)) {
headerVal = prev.concat(headerVal);
} else {
headerVal = [prev, headerVal];
}
}
res.cookie = function(name, val, options){
options = merge({}, options);
var secret = this.req.secret;
var signed = options.signed;
if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
if ('number' == typeof val) val = val.toString();
if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
if (signed) val = 's:' + sign(val, secret);
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) options.path = '/';
var headerVal = cookie.serialize(name, String(val), options);
// supports multiple 'res.cookie' calls by getting previous value
var prev = this.get('Set-Cookie');
if (prev) {
if (Array.isArray(prev)) {
headerVal = prev.concat(headerVal);
} else {
headerVal = [prev, headerVal];
}
}
options = merge({}, options);
var secret = req.secret;
var signed = options.signed;
if (signed && !secret) {
throw new Error('cookieParser("secret") required for signed cookies');
}
if ('number' === typeof val) {
val = val.toString();
}
if ('object' === typeof val) {
val = 'j:' + JSON.stringify(val);
}
if (signed) {
val = 's:' + sign(val, secret);
}
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) {
options.path = '/';
}
var headerVal = cookie.serialize(name, String(val), options);
// supports multiple 'res.cookie' calls by getting previous value
var prev = res.getHeader('Set-Cookie');
if (prev) {
if (Array.isArray(prev)) {
, tls = req.connection.encrypted || (trustProxy && 'https' == proto)
, secured = cookie.secure && tls
, isNew = unsignedCookie != req.sessionID;
// only send secure cookies via https
if (cookie.secure && !secured) return debug('not secured');
// browser-session length cookie
if (null == cookie.expires) {
if (!isNew) return debug('already set browser-session cookie');
// compare hashes and ids
} else if (originalHash == hash(req.session) && originalId == req.session.id) {
return debug('unmodified session');
}
var val = 's:' + signature.sign(req.sessionID, secret);
val = cookie.serialize(key, val);
debug('set-cookie %s', val);
res.setHeader('Set-Cookie', val);
});
if (!callback) {
promise = new Promise(function(res, rej) {
callback = function(err, result) {
err ? rej(err) : res(result)
}
})
}
// read dynamo session table
let name = process.env.SESSION_TABLE_NAME || 'arc-sessions'
let secret = process.env.ARC_APP_SECRET || process.env.ARC_APP_NAME || 'fallback'
// TODO: uppercase 'Cookie' is not the header name on AWS Lambda; it's
// lowercase 'cookie' on lambda...
let jar = cookie.parse(request.headers && request.headers.Cookie? request.headers.Cookie || '': '')
let sesh = jar.hasOwnProperty('_idx')
let valid = unsign(jar._idx || '', secret)
// find or create a new session
let exec = sesh && valid? find.bind({}, name) : create.bind({}, name)
let params = sesh && valid? valid : {}
exec(params, callback)
return promise
}
const config = new Config()
config.set('app.appKey', SECRET)
const response = new Response(new Request(req, res), config)
response.cookie('cart_total', '20')
response.send('')
response.end()
})
const { headers } = await supertest(server).get('/').expect(200)
const encrypter = simpleEncryptor({
key: SECRET,
hmac: false
})
assert.strictEqual(
sig.unsign(
encrypter.decrypt(querystring.unescape(headers['set-cookie'][0].replace('cart_total=', ''))).replace('s:', ''),
SECRET
),
'20'
)
})
/**
 * Set cookie `name` to `value`, appending a Set-Cookie header.
 *
 * Objects (including null, since typeof null is 'object') are serialised
 * as `j:` + JSON; everything else is stringified. With `options.signed`
 * the value is signed using `req.secret` and prefixed `s:`; asking for a
 * signed cookie with no secret configured throws instead of sending an
 * unsigned cookie the caller believes is signed.
 *
 * `options.maxAge` is in milliseconds: it is turned into an absolute
 * `expires` date and then divided by 1000 (presumably because
 * cookie.serialize emits Max-Age in seconds). Only `path` is defaulted
 * (to '/'); `httpOnly`, `secure` and `sameSite` are left entirely to the
 * caller and should be set explicitly for session or auth cookies.
 *
 * @param {String} name
 * @param {String|Object} value
 * @param {Object} [options]
 * @return {ServerResponse} for chaining
 * @public
 */
res.cookie = function (name, value, options) {
  var cookieOpts = merge({}, options);
  var signingSecret = this.req.secret;
  var wantsSignature = cookieOpts.signed;

  if (wantsSignature && !signingSecret) {
    throw new Error('cookieParser("secret") required for signed cookies');
  }

  var encoded;
  if (typeof value === 'object') {
    encoded = 'j:' + JSON.stringify(value);
  } else {
    encoded = String(value);
  }

  if (wantsSignature) {
    encoded = 's:' + sign(encoded, signingSecret);
  }

  if ('maxAge' in cookieOpts) {
    cookieOpts.expires = new Date(Date.now() + cookieOpts.maxAge);
    cookieOpts.maxAge /= 1000;
  }

  if (cookieOpts.path == null) {
    cookieOpts.path = '/';
  }

  var header = cookie.serialize(name, String(encoded), cookieOpts);
  this.append('Set-Cookie', header);
  return this;
};
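/**
 * Set cookie `name` to `val`, with the given `options`.
 *
 * `val` is coerced to a string: numbers via toString(), objects via a
 * `j:`-prefixed JSON encoding. When `options.signed` is set the value is
 * also signed with `req.secret` and prefixed `s:`; without a secret that
 * is a configuration error and we throw rather than emit an unsigned
 * cookie the caller believes is signed.
 *
 * `options.maxAge` is taken in milliseconds: it becomes an absolute
 * `expires` date and is then divided by 1000 (presumably because
 * cookie.serialize emits Max-Age in seconds). Only `path` is defaulted
 * (to '/'); `httpOnly`, `secure` and `sameSite` are left to the caller and
 * should be set explicitly for session or auth cookies.
 *
 * Fix: this used to hand a single string to `this.set`, so a second
 * res.cookie() call on the same response replaced the first cookie. The
 * header is now accumulated: existing Set-Cookie value(s) are read back
 * with `this.get` (assumed to return the current header value, as in the
 * later revisions of this method) and the new cookie is appended.
 *
 * @param {String} name
 * @param {String|Object} val
 * @param {Object} [options]
 * @return {ServerResponse} for chaining
 * @api public
 */
res.cookie = function(name, val, options){
  options = utils.merge({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
  if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
  if ('number' == typeof val) val = val.toString();
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
  if (signed) val = 's:' + sign(val, secret);
  if ('maxAge' in options) {
    options.expires = new Date(Date.now() + options.maxAge);
    options.maxAge /= 1000;
  }
  if (null == options.path) options.path = '/';

  var headerVal = cookie.serialize(name, String(val), options);

  // supports multiple 'res.cookie' calls by getting previous value
  var prev = this.get('Set-Cookie');
  if (prev) {
    headerVal = Array.isArray(prev)
      ? prev.concat(headerVal)
      : [prev, headerVal];
  }

  this.set('Set-Cookie', headerVal);
  return this;
};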