Skip to main content
Deno 2 is finally here 🎉️
Learn more
Go to Latest
The Standard Library has been moved to JSR. See the blog post for details.
class SecureCookieMap
extends CookieMapBase
import { SecureCookieMap } from "https://deno.land/std@0.203.0/http/cookie_map.ts";

Provides an way to manage cookies in a request and response on the server as a single iterable collection, as well as the ability to sign and verify cookies to prevent tampering.

The methods and properties align to Map, but due to the need to support asynchronous cryptographic keys, all the APIs operate async. When constructing a Request or Headers from the request need to be provided, as well as optionally the Response or Headers for the response can be provided. Alternatively the mergeHeaders function can be used to generate a final set of headers for sending in the response.

On construction, the optional set of keys implementing the KeyRing interface. While it is optional, if you don't plan to use keys, you might want to consider using just the CookieMap.

Constructors

new
SecureCookieMap(request: Headers | Headered, options?: SecureCookieMapOptions)

Properties

readonly
size: Promise<number>

Is set to a promise which resolves with the number of cookies in the Request.

Methods

Sets all cookies in the Request to be deleted in the response.

delete(key: string, options?: SecureCookieMapSetDeleteOptions): Promise<boolean>

Set a cookie to be deleted in the response.

This is a convenience function for set(key, null, options?).

entries(): AsyncIterableIterator<[string, string]>

Iterate over the Request cookies, yielding up a tuple containing the key and value of each cookie.

If a key ring was provided, only properly signed cookie keys and values are returned.

get(key: string, options?: SecureCookieMapGetOptions): Promise<string | undefined>

Get the value of a cookie from the Request.

If the cookie is signed, and the signature is invalid, undefined will be returned and the cookie will be set to be deleted in the response. If the cookie is using an "old" key from the keyring, the cookie will be re-signed with the current key and be added to the response to be updated.

has(key: string, options?: SecureCookieMapGetOptions): Promise<boolean>

Returns true if the key is in the Request.

If the cookie is signed, and the signature is invalid, false will be returned and the cookie will be set to be deleted in the response. If the cookie is using an "old" key from the keyring, the cookie will be re-signed with the current key and be added to the response to be updated.

keys(): AsyncIterableIterator<string>

Iterate over the request's cookies, yielding up the key of each cookie.

If a keyring was provided, only properly signed cookie keys are returned.

set(
key: string,
value: string | null,
): Promise<this>

Set a cookie in the response headers.

If there was a keyring set, cookies will be automatically signed, unless overridden by the passed options. Cookies can be deleted by setting the value to null.

values(): AsyncIterableIterator<string>

Iterate over the request's cookies, yielding up the value of each cookie.

If a keyring was provided, only properly signed cookie values are returned.

[Symbol.asyncIterator](): AsyncIterableIterator<[string, string]>

Iterate over the Request cookies, yielding up a tuple containing the key and value of each cookie.

If a key ring was provided, only properly signed cookie keys and values are returned.