Cookies

The following Cookies modules are available to use in your EdgeWorker code bundles.

Cookies

This module exports the Cookies object that corresponds to the "Cookie" header.

import {Cookies, SetCookie} from 'cookies';
export function onClientRequest(request) {
  let cookies = new Cookies(request.getHeader('Cookie'));
}

Cookies([cookieHeader], [options])

Constructor for a new "Cookies" object to hold cookies.

Review the table below for information about the possible arguments.

Argument Description Object Type
cookieHeader Passes the raw Cookie header to the constructor to parse. If an array is passed, the first element must be a string that is used as the cookie’s string to parse. If it is not passed, an empty cookies object is returned. (Optional) String
options This object is only used when parsing an existing Cookie header to override the default decode of the Cookie values. This object must have a function named 'decode' on it to return the custom decoding results from the string. (Optional) String 
// Cookie: Cookie1=Value1;Cookie2=Value2;Cookie3=Value3;
  let cookies = new Cookies(request.getHeader('Cookie'));

toHeader([options])

Returns the string value to use when setting the Cookie header, encoding values by default.

Review the table below for information about the possible arguments.

Argument Description Object Type
options The Options object overrides the default encoding of the Set-Cookie values. This object must have a function named 'encode' on it, to return the custom encoding results for the string. (Optional) String 
// 
var setCookie = new SetCookie({name: 'Cookie1', value: 'CookieValue', path: '/'});
response.setHeader('Set-Cookie', setCookie.toHeader());
// ==> Set-Cookie: Cookie1=CookieValue; Path=/;

get(name)

Returns the first instance of the cookie matching the specified cookie name.

Review the table below for information about the possible arguments.

Argument Description Object Type
name Name of first matching cookie String 
// Cookie: Cookie1=Value1;Cookie2=Value2;Cookie3=Value3;
  let cookies = new Cookies(request.getHeader('Cookie'));
  var Cookie1cookie = cookies.get('Cookie1');
// Cookie1cookie ==> "Cookie1"

getAll (name)

Returns all cookie instances matching the specified cookie name.

Review the table below for information about the possible arguments.

Argument Description Object Type
name Name of all matching cookies String 
// Cookie: Cookie1=Value1;Cookie1=Value2;Cookie1=Value3;
  let cookies = new Cookies(request.getHeader('Cookie'));
  var cookievalues = cookies.getAll('Cookie1');
// cookievalues ==> ["Value1", "Value2", "Value3"]

names()

Returns the names of all existing cookies held by the specified cookies object. Array of Strings. 

// Cookie: Cookie1=Value1;Cookie2=Value2;Cookie3=Value3;
 
  let cookies = new Cookies(request.getHeader('Cookie'));
  var cookienames = cookies.names();
 
// cookienames ==> ["Cookie1", "Cookie2", "Cookie3"]

add(name, value)

Adds a cookie to an object containing all the cookies.

Review the table below for information about the possible arguments.

Argument Description Object Type
name Name of the cookie to be added String
value Value of the cookie to be added String 
// Cookie: Cookie1=Value1;Cookie2=Value2;
  let cookies = new Cookies(request.getHeader('Cookie'));
  cookies.add('Cookie3','Value3');
  cookies.toHeader();
// Cookie: Cookie1=Value1;Cookie2=Value2;Cookie3=Value3;

delete(name)

Removes all cookies with a given name.

Review the table below for information about the possible arguments.

Argument Description Object Type
name Name of the cookie to be removed String 
// Cookie: Cookie1=Value1;Cookie2=Value2;Cookie3=Value3;
  let cookies = new Cookies(request.getHeader('Cookie'));
  cookies.delete('Cookie3');
  cookies.toHeader();
// Cookie: Cookie1=Value1;Cookie2=Value2;

SetCookie([cookieHeader], [options])

Constructor for a new "SetCookie" object. Holds s specific Set-Cookie header representation and the SetCookie object that corresponds to the "Set-Cookie" header.

Review the table below for information about the possible arguments.

Argument Description Object Type
cookieHeader Name of the CookieHeader String
options Provides a mechanism to encode the cookie Function 
var cookie = new SetCookie();

name

Sets the cookie name.

var cookie = new SetCookie();
cookie.name = 'Cookie1';
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=;

value

Sets the cookie value. 

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1;

maxAge

Sets the expiry time relative to the current time in seconds. (Optional).

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.maxAge = 900;
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; Max-Age=900;

domain

Sets the domain name for the cookie. (Optional)

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.domain = 'example.com';
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; Domain=example.com;

path

Sets the path for the cookie. (Optional)

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.path = '/';
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; path=/;

expires

Sets the expiry date of the cookie in GMT. If an expiry date is not specified or set to 0, a session cookie is created. (Optional)

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.expires = new Date('December 17, 1995 03:24:00');
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; Expires=Sun, 17 Dec 1995 03:24:00 GMT;

httpOnly

Helps mitigate the risk of a client side script accessing a protected cookie (if supported by the browser). (Optional)

Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).
var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.httpOnly = true; // true or false
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; HttpOnly;

secure

Specifies the cookies to be used with HTTPS only. (Optional)

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.secure = true; // true or false
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; Secure;

sameSite

Allows servers to prevent cookies from being sent using cross-site requests (where Site is defined by the registrable domain). This provides some protection against cross-site request forgery attacks (CSRF). (Optional) 
var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.sameSite = 'Strict'; // Strict, Lax, None
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; SameSite=Strict;

toHeader

Returns a string representation of the cookie object allowing it to be a header.

var cookie = new SetCookie();
cookie.name = 'Cookie1';
cookie.value = 'Value1';
cookie.sameSite = 'Strict'; // Strict, Lax, None
response.setHeader('Set-Cookie', cookie.toHeader());
// Set-Cookie: Cookie1=Value1; SameSite=Strict;

options

This object parses an existing Set-Cookie header to override the default decode of the Set-Cookie values. This object must have a function named 'decode' on it, to return the custom decoding results for a string. (Optional)