# Node Cookie > Easily parse and write signed & encrypted cookies on Node.js HTTP requests. [![NPM Version][npm-image]][npm-url] [![Build Status][travis-image]][travis-url] [![Appveyor][appveyor-image]][appveyor-url] [![Coveralls][coveralls-image]][coveralls-url]

`node-cookie` makes it simpler to create **encrypted** and **signed** cookies for HTTP requests. You can use it with any framework or library of your choice. ## See also 1. [node-req](https://npmjs.org/package/node-req) 2. [node-res](https://npmjs.org/package/node-res) ## Basic Setup ```javascript const http = require('http') const nodeCookie = require('node-cookie') http.createServer(function (req, res) { // this will update set-cookie header on res object. nodeCookie.create(res, 'user', 'virk') }).listen(3000) ``` ## Signing cookies with a secret ```javascript const http = require('http') const nodeCookie = require('node-cookie') http.createServer(function (req, res) { nodeCookie.create(res, 'user', 'virk', '16charlongsecret') }).listen(3000) ``` ## Signing & encrypting cookies with a secret ```javascript const http = require('http') const nodeCookie = require('node-cookie') http.createServer(function (req, res) { nodeCookie.create(res, 'user', 'virk', '16charlongsecret', true) }).listen(3000) ``` ## API ## Cookie Cookie parser is a simple utility module to read and write cookies on Node.js HTTP requests. It supports cookie signing and encryption. * [parse(req, [secret], [decrypt])](#module_Cookie..parse) ⇒ Object * [get(req, key, [secret], [decrypt], [cookies])](#module_Cookie..get) ⇒ Mixed * [unPackValue(value, secret, decrypt)](#module_Cookie..unPackValue) ⇒ String * [packValue(value, [secret], [encrypt])](#module_Cookie..packValue) ⇒ String * [create(res, key, value, [options], [secret], [encrypt])](#module_Cookie..create) ⇒ void * [clear(res, key, [options])](#module_Cookie..clear) ⇒ void ### parse(req, [secret], [decrypt]) ⇒ Object Parses cookies from HTTP header `Cookie` into a javascript object. Also it will unsign and decrypt cookies encrypted and signed by this library using a secret. **Kind**: inner method of [Cookie](#module_Cookie) | Param | Type | Default | | --- | --- | --- | | req | http.IncomingRequest | | | [secret] | String | | | [decrypt] | Boolean | false | **Example** ```js nodeCookie.parse(req) // or if cookies were signed when writing nodeCookie.parse(req, 'SECRET') // also if cookies were encrypted nodeCookie.parse(req, 'SECRET', true) ``` ### get(req, key, [secret], [decrypt], [cookies]) ⇒ Mixed Returns value for a single cookie by its key. It is recommended to make use of this function when you want to pull a single cookie. Since the `parse` method will eagerly unsign and decrypt all the cookies. **Kind**: inner method of [Cookie](#module_Cookie) | Param | Type | Default | Description | | --- | --- | --- | --- | | req | http.IncomingRequest | | | | key | String | | | | [secret] | String | | | | [decrypt] | Boolean | false | | | [cookies] | Object | | Use existing cookies object over re-parsing them from the header. | **Example** ```js nodeCookie.get(req, 'sessionId') // if cookie was signed nodeCookie.get(req, 'sessionId', 'SECRET') // if cookie was encrypted nodeCookie.get(req, 'sessionId', 'SECRET', true) ``` ### unPackValue(value, secret, decrypt) ⇒ String Unpack cookie value by unsigning and decrypting it. Infact you can unpack any value packed via the `packValue` method. **Kind**: inner method of [Cookie](#module_Cookie) | Param | Type | | --- | --- | | value | String | | secret | String | | decrypt | Boolean | ### packValue(value, [secret], [encrypt]) ⇒ String Pack the value by properly formatting, signing and encrypting it. **Kind**: inner method of [Cookie](#module_Cookie) | Param | Type | Default | | --- | --- | --- | | value | String | | | [secret] | String | | | [encrypt] | Boolean | false | ### create(res, key, value, [options], [secret], [encrypt]) ⇒ void Write cookie to the HTTP response object. It will append duplicate cookies to the `Set-Cookie` header, since browsers discard the duplicate cookies by themselves **Kind**: inner method of [Cookie](#module_Cookie) | Param | Type | Default | | --- | --- | --- | | res | http.ServerResponse | | | key | String | | | value | \* | | | [options] | Object | {} | | [secret] | String | | | [encrypt] | Boolean | false | **Example** ```js nodeCookie.create(res, 'sessionId', 1) // sign session id nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET') // sign and encrypt session id nodeCookie.create(res, 'sessionId', 1, {}, 'SECRET', true) ``` ### clear(res, key, [options]) ⇒ void Clears the cookie from browser by setting it's expiry in past. This is required since there is no other way to instruct the browser to delete a cookie. Also this method will override the `expires` value on the options object. **Kind**: inner method of [Cookie](#module_Cookie) | Param | Type | Default | | --- | --- | --- | | res | http.ServerResponse | | | key | String | | | [options] | Object | {} | **Example** ```js nodeCookie.clear(res, 'sessionId') ``` [appveyor-image]: https://img.shields.io/appveyor/ci/thetutlage/node-cookie/master.svg?style=flat-square [appveyor-url]: https://ci.appveyor.com/project/thetutlage/node-cookie [npm-image]: https://img.shields.io/npm/v/node-cookie.svg?style=flat-square [npm-url]: https://npmjs.org/package/node-cookie [travis-image]: https://img.shields.io/travis/poppinss/node-cookie/master.svg?style=flat-square [travis-url]: https://travis-ci.org/poppinss/node-cookie [coveralls-image]: https://img.shields.io/coveralls/poppinss/node-cookie/develop.svg?style=flat-square [coveralls-url]: https://coveralls.io/github/poppinss/node-cookie