cookie
Parses the Cookie request header into an RFC 6265-compliant cookie jar.
The jar uses dual storage: incoming cookies are accessible as own
properties; outgoing cookies are managed via set() and serialized by
toHeader() into Set-Cookie headers.
Pipeline stage: Negotiation
Import
Section titled “Import”import { cookie } from "@centralping/ergo";Options
Section titled “Options”| Option | Type | Default | Description |
|---|---|---|---|
options | object | — | Forwarded to the RFC 6265 parser (e.g., { max: 50 } for cookie count limit) |
Return Value
Section titled “Return Value”Returns a cookie jar stored at acc.cookies:
acc.cookies.session // "abc123" (incoming cookie, own property)acc.cookies.set(name, value, directives) // queue outgoing cookieacc.cookies.toHeader() // ["session=abc123; HttpOnly; Secure", ...]Jar Methods
Section titled “Jar Methods”| Method | Description |
|---|---|
set(name, value, directives) | Queue an outgoing cookie with optional directives |
get(name) | Get an outgoing cookie object |
clear(name) | Clear an outgoing cookie |
toHeader() | Serialize all outgoing cookies to Set-Cookie header values |
Security
Section titled “Security”- Cookie values are validated against RFC 6265
cookie-octetgrammar - Cookie names must be valid HTTP tokens
- Names that collide with jar methods are silently dropped
- Null-prototype parsing prevents prototype pollution
Error Responses
Section titled “Error Responses”None.
import { compose, cookie } from "@centralping/ergo";
const pipeline = compose( {fn: cookie(), setPath: "cookies"}, (req, res, acc) => { const session = acc.cookies.session; acc.cookies.set("visited", "true", { httpOnly: true, sameSite: "Strict", }); return { response: { body: { session } } }; },);router.get("/dashboard", { cookie: {}, execute: (req, res, acc) => ({ response: { body: { session: acc.cookies.session } }, }),});RFC References
Section titled “RFC References”API Reference
Section titled “API Reference”See the auto-generated cookie API docs.