Cookies

The following Cookies modules are available to use in your EdgeWorker code bundles.

Cookies This module exports the Cookies object that corresponds to the "Cookie" header.
import {Cookies, SetCookie} from 'cookies';
export function onClientRequest(request) {
  let cookies = new Cookies(request.getHeader('Cookie'));
}
Cookies([cookieHeader], [options]) Constructor for a new "Cookies" object to hold cookies.

cookieHeader Passes the raw Cookie header to the constructor to parse. If an array is passed, the first element must be a string that is used as the cookie’s string to parse. If it is not passed, an empty cookies object is returned. (Optional)

options This object is only used when parsing an existing Cookie header to override the default decode of the Cookie values. This object must have a function named 'decode' on it to return the custom decoding results from the string. (Optional)
// Cookie: foo=foo;bar=bar;foobar=foobar;
  let cookies = new Cookies(request.getHeader('Cookie'));
toHeader([options]) Returns the string value to use when setting the Cookie header, encoding values by default. The Options object overrides the default encoding of the Set-Cookie values. This object must have a function named 'encode' on it, to return the custom encoding results for the string. (Optional)
// 
var setCookie = new SetCookie({name: 'foo', value: 'bar', path: '/'});
response.setHeader('Set-Cookie', setCookie.toHeader());
 
// ==> Set-Cookie: foo=bar; Path=/;
get(name) Returns the first instance of the cookie matching the specified cookie name.
// Cookie: foo=foo;bar=bar;foobar=foobar;
  let cookies = new Cookies(request.getHeader('Cookie'));
  var foocookie = cookies.get('foo');
 
// foocookie ==> "foo"
getAll(name) Returns all cookie instances matching the specified cookie name.
// Cookie: foo=foo;foo=bar;foo=foobar;
  let cookies = new Cookies(request.getHeader('Cookie'));
  var cookievalues = cookies.getAll('foo');
 
// cookievalues ==> ["foo", "bar", "foobar"]
names() Returns the names of all existing cookies held by the specified cookies object. Array of Strings.
// Cookie: foo=foo;bar=bar;foobar=foobar;
  let cookies = new Cookies(request.getHeader('Cookie'));
  var cookienames = cookies.names();
 
// cookienames ==> ["foo", "bar", "foobar"]
add(name, value) Adds a cookie to an object containing all the cookies.
// Cookie: foo=foo;bar=bar;foobar=foobar;
  let cookies = new Cookies(request.getHeader('Cookie'));
  cookies.add('barfoo','barfoo');
  cookies.toHeader();
 
// Cookie: foo=foo;bar=bar;foobar=foobar;barfoo=barfoo;
delete(name) Removes all cookies with a given name.name: String - cookie nameNone.
// Cookie: foo=foo;bar=bar;foobar=foobar;
  let cookies = new Cookies(request.getHeader('Cookie'));
  cookies.delete('bar');
  cookies.toHeader();
 
// Cookie: foo=foo;foobar=foobar;
SetCookie([cookieHeader], [options]) Constructor for a new "SetCookie" object to hold a specific Set-Cookie header representation and the SetCookie object that corresponds to the "Set-Cookie" header.
var cookie = new SetCookie();
name Sets the cookie name.
var cookie = new SetCookie();
cookie.name = 'foo';
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=;
value Sets the cookie value.
var cookie = new SetCookie();
cookie.value = 'bar';
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar;
maxAge Sets the expiry time relative to the current time in seconds. (Optional).
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.maxAge = 900;
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; Max-Age=900;
domain Sets the domain name for the cookie. (Optional)
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.domain = 'foo.com';
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; Domain=foo.com;
path Sets the path for the cookie. (Optional)
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.path = '/';
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; path=/;
expires Sets the expiry date of the cookie in GMT. If an expiry date is not specified or set to 0, a session cookie is created. (Optional)
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.expires = new Date('December 17, 1995 03:24:00');
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; Expires=Sun, 17 Dec 1995 03:24:00 GMT;

httpOnly Helps mitigate the risk of a client side script accessing a protected cookie (if supported by the browser). (Optional)

Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.httpOnly = true; // true or false
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; HttpOnly;
secure Specifies the cookies to be used with HTTPS only. (Optional)
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.secure = true; // true or false
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; Secure;
sameSite Allows servers to prevent cookies from being sent using cross-site requests (where Site is defined by the registrable domain). This provides some protection against cross-site request forgery attacks (CSRF). (Optional)
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.sameSite = 'Strict'; // Strict, Lax, None
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; SameSite=Strict;
toHeader Returns a string representation of the cookie object allowing it to be a header.
var cookie = new SetCookie();
cookie.name = 'foo';
cookie.value = 'bar';
cookie.sameSite = 'Strict'; // Strict, Lax, None
response.setHeader('Set-Cookie', cookie.toHeader());
 
// Set-Cookie: foo=bar; SameSite=Strict;

options This object parses an existing Set-Cookie header to override the default decode of the Set-Cookie values. This object must have a function named 'decode' on it, to return the custom decoding results for a string. (Optional)