npm
Sign UpSign In

cookie-derail

0.1.0 • Public • Published

Cookie Derail

Decode, and optionally verify the signature of, unencrypted Ruby on Rails cookies.

Alternative implementations of this require you to change the default serialization format on the Rails app's side to something like JSON - this does not, instead using a basic (hashes/arrays/strings/numbers only) Marshal parser written in javascript.

Usage

var derail = require('cookie-derail');
var token = '3d8(...snip...)3cc5'

// in an HTTP server / express / whatever connection handler
var cookie = req.cookies._app_session;

Decode a cookie, verifying it has not been tampered with using the Rails app's secret token:

var value = derail.decode(req.cookies._app_session, { secret: token });

Decode a cookie, ignoring the signature:

var value = derail.decode(req.cookies._app_session, { verifySignature: false });

If something goes wrong an exception with details will be thrown.

Tests

npm test

TODO

  • encode as well as decode
  • encrypted cookie support

Versions

Current Tags

  • Version
    Downloads (Last 7 Days)
    • Tag
  • 0.1.0
    4
    • latest

Version History

  • Version
    Downloads (Last 7 Days)
    • Published
  • 0.1.0
    4
  • 0.0.1
    2
  • 0.0.0
    2

Package Sidebar

Install

npm i cookie-derail

Repository

github.com/holidayextras/node-cookie-derail

Homepage

github.com/holidayextras/node-cookie-derail

Weekly Downloads

8

Version

0.1.0

License

BSD

Last publish

Collaborators

  • shackpank
  • holidayextras
Try on RunKit
Report malware