// Smoke test for the cookies API: constructor option shapes, chained-style
// set() calls with the supported options, and plain versus signed get().
const server = http.createServer((req, res) => {
    const cookies = new Cookies(req, res);

    // Constructed only to exercise the accepted option shapes; the
    // instances are discarded.
    new Cookies(req, res, {keys: []});
    new Cookies(req, res, {keys: new Keygrip([])});
    new Cookies(req, res, {secure: true});

    if (req.url === "/set") {
        // Regular cookie. httpOnly: false leaves it readable by page script.
        cookies.set("unsigned", "foo", { httpOnly: false });

        // Signed cookie.
        // NOTE(review): `cookies` above is built without keys; the cookies
        // package is expected to refuse signed set()/get() calls on such an
        // instance, so confirm keys are supplied before running this as a
        // real server rather than as a type check.
        cookies.set("signed", "bar", { signed: true });

        // Mimic a signed cookie, but with a bogus signature.
        cookies.set("tampered", "baz");
        cookies.set("tampered.sig", "bogus");

        // sameSite option: every accepted form, written to the same name.
        cookies.set("samesite", "same", {sameSite: 'lax'});
        cookies.set("samesite", "same", {sameSite: 'strict'});
        cookies.set("samesite", "same", {sameSite: false});

        res.writeHead(302, { Location: "/" });
        res.end("Now let's check.");
    } else {
        const unsigned: string = cookies.get("unsigned");
        const signed: string = cookies.get("signed", { signed: true });
        // The forged ".sig" value must not verify, so this read is expected
        // to come back undefined (see the report text below).
        const tampered: string = cookies.get("tampered", { signed: true });

        res.writeHead(200, { "Content-Type": "text/plain" });
        res.end(`unsigned expected: foo unsigned actual: ${unsigned} signed expected: bar signed actual: ${signed} tampered expected: undefined tampered: ${tampered} `);
    }
});
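/**
 * Called by the UserContext constructor.
 *
 * Returns the id stored in the ai_user cookie when that cookie exists and is
 * well formed ("id:<id>|acq:<date>"). Otherwise a new GUID is generated,
 * written to a fresh ai_user cookie, and returned.
 *
 * NOTE(review): the cookie is set without signing, so the returned id is
 * client-controlled. Treat it as a correlation value only, never as proof of
 * identity.
 */
public static getUserId(request, response): string {
    var cookies = new Cookies(request, response);
    var userCookie = cookies.get('ai_user');

    if (userCookie) {
        var idStart = userCookie.indexOf(':');
        var idEnd = userCookie.indexOf('|');
        // The id is the text strictly between the first ':' and the first
        // '|'. Starting the slice at the ':' itself (as before) returned
        // ":<id>", which never matched the id handed out on creation.
        // A cookie with missing delimiters or an empty id is treated as
        // absent and replaced below instead of yielding '' as the user id.
        if (idStart >= 0 && idEnd > idStart + 1) {
            return userCookie.substring(idStart + 1, idEnd);
        }
    }

    var userId = uuid.v4();
    cookies.set('ai_user', 'id:' + userId + '|acq:' + this.localDate(new Date()));
    return userId;
}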
// Minimal demo server: "/set" writes a plain cookie, a signed cookie and a
// cookie with a forged signature, then redirects to "/", where the values
// are read back and reported as plain text.
const server = http.createServer((req, res) => {
    const cookies = new Cookies(req, res);

    if (req.url === "/set") {
        // Regular cookie. httpOnly: false leaves it readable by page script.
        cookies.set("unsigned", "foo", { httpOnly: false });

        // Signed cookie.
        // NOTE(review): `cookies` is built without keys; the cookies package
        // is expected to refuse signed set()/get() calls on such an
        // instance, so confirm keys are supplied before running this.
        cookies.set("signed", "bar", { signed: true });

        // Mimic a signed cookie, but with a bogus signature.
        cookies.set("tampered", "baz");
        cookies.set("tampered.sig", "bogus");

        res.writeHead(302, { Location: "/" });
        res.end("Now let's check.");
        return;
    }

    const unsigned: string = cookies.get("unsigned");
    const signed: string = cookies.get("signed", { signed: true });
    // The forged ".sig" value must not verify, so this read is expected to
    // come back undefined (see the report text below).
    const tampered: string = cookies.get("tampered", { signed: true });

    const report =
        "unsigned expected: foo\n\n" +
        "unsigned actual: " + unsigned + "\n\n" +
        "signed expected: bar\n\n" +
        "signed actual: " + signed + "\n\n" +
        "tampered expected: undefined\n\n" +
        "tampered: " + tampered + "\n\n";

    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end(report);
});
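/**
 * Called by the SessionContext constructor.
 *
 * Reads the ai_session cookie ("id:<id>|acq:<acquired>|acq:<renewed ms>").
 * If it exists, is well formed and was renewed within the last 30 minutes,
 * its id is returned and the renewal time is refreshed. Otherwise a new
 * GUID is generated and a fresh cookie is written.
 *
 * NOTE(review): the cookie is set without signing, so every field in it is
 * client-controlled. The id and the timeout are telemetry conveniences, not
 * a security boundary.
 */
public static getSessionId(request, response): string {
    // Idle time, in milliseconds, after which a session is replaced.
    var sessionTimeoutMs = 1800000;

    // Returns the text after the first ':' of a "label:value" field, or ''
    // when the field is missing or carries no ':'.
    var fieldValue = function (field: string | undefined): string {
        if (!field) {
            return '';
        }
        var sep = field.indexOf(':');
        return sep < 0 ? '' : field.substring(sep + 1);
    };

    var cookies = new Cookies(request, response);
    var curDate = new Date();
    var now = curDate.getTime();

    var sessionId = '';
    var acqDate = '';
    var renewTime = NaN;

    var sessionCookie = cookies.get('ai_session');
    if (sessionCookie) {
        // Fields are '|'-separated; presumably localDate() never emits '|'
        // (verify against its implementation).
        var fields = sessionCookie.split('|');
        sessionId = fieldValue(fields[0]);
        acqDate = fieldValue(fields[1]);
        // Previously the slice kept the leading ':' so the subtraction
        // below produced NaN and the timeout could never fire.
        renewTime = Number(fieldValue(fields[2]));
    }

    // A missing, malformed or stale cookie starts a new session.
    var expired = !sessionId
        || !acqDate
        || !isFinite(renewTime)
        || now - renewTime > sessionTimeoutMs;

    if (expired) {
        sessionId = uuid.v4();
        acqDate = this.localDate(curDate);
    }

    // The wire format, including the repeated "acq" label on the renewal
    // field, is kept unchanged for compatibility with existing cookies.
    cookies.set('ai_session', 'id:' + sessionId + '|acq:' + acqDate + '|acq:' + now);
    return sessionId;
}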