
Add encryption as a new feature/option to the cookies provided with secret

Open sarraf1996 opened this issue 1 year ago • 2 comments

I have a query related to encryption of cookies. As of now, in the case of signed cookies, I can see the express module uses the cookie value as it is, without tampering with it, and only appends the HMAC encoding technique to sign the cookie using the cookie-signature module.

We can also implement cookie encryption for localhost development (http) as a new feature/option, having a secret supplied by the user, which will provide a more secure way of cookie creation and transmission from server to client and vice versa.

Is this feature/option already in draft, or has anyone already been assigned? If not, could you assign this work to me so that I can work on it and contribute to this module?

Let me know if this new feature/option works for you.

sarraf1996 avatar Sep 28 '24 19:09 sarraf1996
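
The difference the issue describes, as an added example that is not part of the original thread or of Express: a signed cookie keeps its value readable and only gains an HMAC, while an encrypted cookie hides the value as well. `sign`/`unsign` re-implement the cookie-signature layout with `node:crypto` for illustration; `seal`/`unseal`, the key derivation and the `iv || tag || ciphertext` layout are hypothetical names and choices made for this sketch.

```javascript
const crypto = require('node:crypto');

// Signed cookie in the cookie-signature layout: value + '.' + base64(HMAC-SHA256), padding stripped.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64').replace(/=+$/, '');
  return `${value}.${mac}`;
}

// Returns the original value, or false when the MAC does not match.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx < 0) return false;
  const expected = Buffer.from(sign(signed.slice(0, idx), secret));
  const actual = Buffer.from(signed);
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual) ? signed.slice(0, idx) : false;
}

// Hypothetical encrypted cookie: AES-256-GCM with a key derived from the user-supplied secret.
// Layout (an assumption of this example): base64url(iv[12] || tag[16] || ciphertext).
function deriveKey(secret) {
  return crypto.scryptSync(secret, 'cookie-encryption-example', 32);
}

function seal(value, secret) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(secret), iv);
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the plaintext, or false when the cookie is malformed, modified or sealed under another secret.
function unseal(sealed, secret) {
  const raw = Buffer.from(sealed, 'base64url');
  if (raw.length < 28) return false;
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(secret), raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch {
    return false;
  }
}

// Constructed sample values, not taken from the thread.
const SECRET = 'example-secret-not-for-production';
const signedCookie = sign('role=user', SECRET);
const sealedCookie = seal('role=user', SECRET);
console.log(signedCookie); // value is visible in front of the MAC
console.log(sealedCookie); // opaque to the client
```

Both forms reject a modified cookie; only the sealed form keeps the value from being read by whoever holds the cookie.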

cc: @expressjs/express-tc

IamLizu avatar Nov 12 '24 11:11 IamLizu

We would for sure accept and review a PR for this. Although I am not sure I understand why local development would need this feature.

> secret supplied by the user which will provide a more secured way of cookie creation and transmission from server to client and vice versa.

The point here in local development is that the request never leaves your machine, so I don't think I understand the need for this in that case. You can already steal or modify your own cookies.

wesleytodd avatar Nov 14 '24 17:11 wesleytodd