Encrypted cookie

Question

Encrypted cookie

ioness opened this issue 5 years ago · comments

ioness commented 5 years ago

Hello!

Would it be a good idea to save cookies encrypted ?

Cheers

Yiyu He · Answer 1 · Tue Aug 06 2019 11:09:54 GMT+0800 (China Standard Time)

hmmm, I'd like to add encryted cookie in koa, I'll do it when I'm free.

ioness · Answer 2 · Tue Aug 06 2019 20:10:47 GMT+0800 (China Standard Time)

How exciting!

I found this lib.

https://github.com/nicokaiser/koa-encrypted-session

It uses koa-sessions options ( encode & decode ) to encrypt/decrypt the cookie

Justin · Answer 3 · Mon Aug 19 2019 20:09:13 GMT+0800 (China Standard Time)

Pull request created for this feature request: #182

Nico Kaiser · Answer 4 · Fri Dec 06 2019 06:57:18 GMT+0800 (China Standard Time)

As @ioness already wrote, there is the koa-encrypted-session module that simply provides encode/decode function for koa-session. It is opinionated (i.e. it uses libsodium for encryption and does not let you choose the algorithm), but that way it can be simple and secure.