cookie-signature

Sign and unsign cookies.

Options

var cookie = require('@streamovations/cookie-signature')({ algo: 'RSA-SHA3-512', digest: 'base64' });

or

var cookie = require('@streamovations/cookie-signature');
cookie.setOptions(({ algo: 'RSA-SHA3-512', digest: 'base64' }));

Example

var cookie = require('cookie-signature');

var val = cookie.sign('hello', 'tobiiscool');
val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');

var val = cookie.sign('hello', 'tobiiscool');
cookie.unsign(val, 'tobiiscool').should.equal('hello');
cookie.unsign(val, 'luna').should.be.false;

License

MIT.

See LICENSE file for details.

1.1.1 / 2020-04-05

• fork - add crypto options for sign

1.1.0 / 2018-01-18

• switch to built-in crypto.timingSafeEqual for validation instead of previous double-hash method (thank you @jodevsa!)

1.0.6 / 2015-02-03

• use npm test instead of make test to run tests
• clearer assertion messages when checking input

1.0.5 / 2014-09-05

• add license to package.json

1.0.4 / 2014-06-25

• corrected avoidance of timing attacks (thanks @tenbits!)

1.0.3 / 2014-01-28

• [incorrect] fix for timing attacks

1.0.2 / 2014-01-28

• fix missing repository warning
• fix typo in test

1.0.1 / 2013-04-15

• Revert "Changed underlying HMAC algo. to sha512."
• Revert "Fix for timing attacks on MAC verification."

0.0.1 / 2010-01-03

• Initial release