Set-Cookie Header Parser
set-cookie-parser is a JavaScript/TypeScript library designed to parse `Set-Cookie` HTTP response headers into structured JavaScript objects. It currently stands at stable version 3.1.0 and is actively maintained, with a healthy release cadence and recent updates. The library is highly versatile, accepting various inputs including single header strings, arrays of header strings, Node.js `http.ServerResponse` objects, and `fetch()` `Response` objects. A key differentiator is its ability to return either an array of cookie objects or a map where cookie names are keys, depending on configuration. Each parsed cookie object provides a comprehensive set of attributes, including `name`, `value`, `path`, `domain`, `expires` (as `Date` objects), `maxAge`, `secure`, `httpOnly`, `sameSite`, and `partitioned`. It ships with built-in TypeScript types, ensuring robust type checking and improved developer experience in modern TypeScript projects.
Common errors
-
ReferenceError: parseSetCookie is not defined
cause Attempting to use `parseSetCookie` without correctly importing it as a named export, or using a default import which does not exist.fixFor ES Modules: `import { parseSetCookie } from 'set-cookie-parser';` For CommonJS: `const { parseSetCookie } = require('set-cookie-parser');` -
TypeError: Cannot read properties of undefined (reading 'name') (or similar for cookie properties)
cause This typically occurs when trying to access properties like `name` or `value` on a parsed cookie object, but `parseSetCookie` returned an empty array or `undefined` because no `Set-Cookie` headers were present or the input was invalid.fixAlways check if the `cookies` array (or map) is populated before attempting to access its elements or properties, and ensure the input to `parseSetCookie` is valid and contains `Set-Cookie` headers. -
TypeError: input.headers.get is not a function
cause This error usually occurs when you pass a plain object or an incorrect type to `parseSetCookie` when it expects a `fetch.Response` object. The `fetch.Response` object has a `headers` property which is a `Headers` object, and this object has a `get` method.fixIf you are working with `fetch` responses, ensure you pass the actual `Response` object or its `response.headers` object directly to `parseSetCookie`.
Warnings
- gotcha When setting cookies via `express.js`'s `res.cookie()` method using `maxAge` values obtained from `set-cookie-parser`, remember that `express` expects `maxAge` in milliseconds, while `set-cookie-parser` provides it in seconds. Always multiply `maxAge` by 1000 before passing it to `res.cookie()` to avoid unexpectedly short-lived cookies.
- gotcha The library copies `sameSite` values directly from the `Set-Cookie` header without performing any validation. If the `sameSite` attribute in the header contains an invalid or unexpected string, `set-cookie-parser` will return it verbatim in the parsed cookie object. Consumer applications should implement their own validation if strict adherence to `SameSite` values ('Strict', 'Lax', 'None') is required.
- gotcha The `parseSetCookie` function accepts various inputs including raw strings, arrays of strings, `http.ServerResponse` objects, or `fetch.Response` objects. Passing an `http.IncomingMessage` (request object) instead of a `http.ServerResponse` (response object) might lead to unexpected or empty results, as `Set-Cookie` headers are found on responses, not requests.
Install
-
npm install set-cookie-parser -
yarn add set-cookie-parser -
pnpm add set-cookie-parser
Imports
- parseSetCookie
import setCookieParser from 'set-cookie-parser';
import { parseSetCookie } from 'set-cookie-parser'; - parseSetCookie
const setCookieParser = require('set-cookie-parser'); const cookies = setCookieParser.parseSetCookie(res);const { parseSetCookie } = require('set-cookie-parser'); - Cookie
import type { Cookie } from 'set-cookie-parser';
Quickstart
import * as http from 'node:http';
import { parseSetCookie } from 'set-cookie-parser';
// Example: Fetching from a URL and parsing Set-Cookie headers
http.get('http://example.com', function(res) {
const cookies = parseSetCookie(res, {
decodeValues: true // default: true
});
console.log('Parsed Cookies from example.com:');
if (cookies.length === 0) {
console.log('No Set-Cookie headers found.');
} else {
cookies.forEach(cookie => {
console.log(`- Name: ${cookie.name}, Value: ${cookie.value}`);
if (cookie.expires) console.log(` Expires: ${cookie.expires.toISOString()}`);
if (cookie.maxAge) console.log(` Max-Age: ${cookie.maxAge} seconds`);
if (cookie.domain) console.log(` Domain: ${cookie.domain}`);
if (cookie.path) console.log(` Path: ${cookie.path}`);
if (cookie.secure) console.log(` Secure: true`);
if (cookie.httpOnly) console.log(` HttpOnly: true`);
if (cookie.sameSite) console.log(` SameSite: ${cookie.sameSite}`);
if (cookie.partitioned) console.log(` Partitioned: true`);
console.log('---');
});
}
}).on('error', (e) => {
console.error(`Error fetching: ${e.message}`);
});