Have ideas to improve npm?Join in the discussion! »

    cookie-derail

    0.1.0 • Public • Published

    Cookie Derail

    Decode, and optionally verify the signature of, unencrypted Ruby on Rails cookies.

    Alternative implementations of this require you to change the default serialization format on the Rails app's side to something like JSON - this does not, instead using a basic (hashes/arrays/strings/numbers only) Marshal parser written in javascript.

    Usage

    var derail = require('cookie-derail');
    var token = '3d8(...snip...)3cc5'
     
    // in an HTTP server / express / whatever connection handler
    var cookie = req.cookies._app_session;

    Decode a cookie, verifying it has not been tampered with using the Rails app's secret token:

    var value = derail.decode(req.cookies._app_session, { secret: token });

    Decode a cookie, ignoring the signature:

    var value = derail.decode(req.cookies._app_session, { verifySignature: false });

    If something goes wrong an exception with details will be thrown.

    Tests

    npm test

    TODO

    • encode as well as decode
    • encrypted cookie support

    Install

    npm i cookie-derail

    DownloadsWeekly Downloads

    4

    Version

    0.1.0

    License

    BSD

    Last publish

    Collaborators

    • avatar
    • avatar