cookies
cookies copied to clipboard
encrypted cookies
thinking of the implementation.
- if decryption fails (i.e. tampered), should it throw an error or just return null? or make it an option? i'd prefer throwing and unsetting, but people might not like that. returning null isn't bad, but people like me would want to know if funny business is going on, however unlikely
- encryption uses different digest methods than keys. i'm thinking about removing the
hmacAlgorithm
option from keygrip and replace it withbit length
, defaulting to256 -> 'sha256' && 'aes256'
. then add.encrypt()
and.decrypt()
methods for encryption. thoughts? @jed
damn this shit is super convoluted now. i'm just going to rewrite this library ~_~
I was also looking for this option and didn't find anything. I made a super-easy to use express middleware to achieve transparently cookie encryption / decryption: cookie-encrypter.
var app = express();
app.use(cookieParser(secretKey));
app.use(cookieEncrypter(secretKey));
Hope this helps
@dougwilson What kind of help is still needed here? I saw in the keygrip conversation that you mentioned a PR (not sure which one) was merged back in 2015. How can I help?