npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

encrypted-cookie-session

v1.7.1

Published

Encrypted cookie based session middleware

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

choosy-powwow-mortifychoosy-powwow-mortify

Keywords

expressroutersessionmiddleware

Readme

Encrypted Cookie Session

Encrypted Cookie Session is a middleware for managing encrypted cookie-based sessions in your Express.js applications. This ensures that sensitive session data is securely stored on the cookie.

Features

  • Encryption: Encrypts session data to prevent users from reading the session data.
  • Ease of Use: Simple integration with your existing Express.js framework.
  • Security: Protects against session hijacking and data tampering.

Installation

To install the package, use npm:

npm install encrypted-cookie-session

Usage

Basic Setup

  1. Import and configure the middleware in your Express.js application:
const express = require('express');
const cookieSession = require('encrypted-cookie-session');

const app = express();

app.use(cookieSession({
  keys: [Buffer.from('a3c7a2aa31e6abf736d537dbc99d769119cba30454f5ee05f4af2252e97d27be', 'hex')]
}));

app.get('/', (req, res) => {
  req.session.key = 'value';
  res.send('Session data saved!');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

Deleting the session

Deleting the session is as easy as setting the session to {}

app.get("/logout", (req,res,next) => {
    req.session = {}
    next();
})

Configuration Options

  • keys(required):

    • Description: An array of secret keys used for encrypting and decrypting the session data. This allows for key rotation. Each key must be 32 bytes. The data is always encrypted using keys[0] but can be decrypted with each one of the keys
    • Type: crypto.CipherKey[]
    • Code Example:
      app.use(cookieSession({
  keys: [Buffer.from('a3c7a2aa31e6abf736d537dbc99d769119cba30454f5ee05f4af2252e97d27be', 'hex'), Buffer.from('8ca500040ec4bbd8aedaafc83393547761946cb20dc49bb01c86b389187a387e', 'hex')]       
}));

  • name:

    • Description: The name of the session cookie.
    • Type: String
    • Default: 'session'
    • Code Example:
      app.use(cookieSession({
  name: 'my_session_cookie',
}));

  • cookieOptions.maxAge:

    • Description: The maximum age of the session cookie in milliseconds. This determines how long the session will be valid.
    • Type: Number
    • Code Example:
      app.use(cookieSession({
  cookieOptions: {
      maxAge: 7 * 24 * 60 * 60 * 1000 // 1 week
  }
}));

  • cookieOptions.secure:

    • Description: Ensures the cookie is only sent over HTTPS. This is highly recommended for production environments to enhance security.
    • Type: Boolean
    • Code Example:
      app.use(cookieSession({
  cookieOptions: {
      secure: true
  }
}));

  • cookieOptions.httpOnly:

    • Description: Ensures the cookie is not accessible via JavaScript, which helps mitigate certain types of attacks such as cross-site scripting (XSS).
    • Type: Boolean
    • Code Example:
      app.use(cookieSession({
  cookieOptions: {
      httpOnly: true
}
}));

  • cookieOptions.sameSite:

    • Description: Controls whether the cookie is sent with cross-site requests, providing some protection against cross-site request forgery (CSRF) attacks.
    • Type: String
    • Code Example:
      app.use(cookieSession({
  cookieOptions: {
      sameSite: 'Strict'
  }
}));

Dynamic cookie options

You can choose the cookie options based on the request using sessionOptions.cookieOptions

req.get("/", (req,res,next) => {
    req.sessionOptions.cookieOptions.maxAge = 7 * 24 * 60 * 60 * 1000 // 1 week
    next()
})

Checking for new session

New session can be checked using sessionOptions.isNew

req.get("/login", (req,res,next) => {
    if(req.sessionOptions.isNew) {
        // do login
    } else {
        return res.redirect("/")
    }
})

These examples should help you configure the encrypted-cookie-session middleware to suit your application's needs. If you have any more questions or need further assistance, feel free to ask!

Key Rotation

For added security, you can rotate your encryption keys periodically. Add the new key to your configuration and keep the old key temporarily to avoid invalidating active sessions:

app.use(cookieSession({
  keys: [
      Buffer.from('a3c7a2aa31e6abf736d537dbc99d769119cba30454f5ee05f4af2252e97d27be', 'hex'), // current key
      Buffer.from('8ca500040ec4bbd8aedaafc83393547761946cb20dc49bb01c86b389187a387e', 'hex') // old key
  ],
}));

Contributing

Contributions are welcome! Please fork the repository and submit a pull request with your changes.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Acknowledgements

Special thanks to all contributors and the open-source community for their support.

Feel free to customize this README to better fit your project's specifics! If you have any other questions or need further assistance, just let me know.