Plugins
Cookies
Read, set, and delete cookies inside procedures — typed helpers with secure defaults.
Lightweight cookie utilities for Katman handlers. No dependencies. Works with both serve() and handler().
Reading cookies
import { , } from "katman/cookies"
const = k.guard(() => {
const = (.headers, "session")
if (!) throw new KatmanError("UNAUTHORIZED")
return { : }
})
// Or parse all cookies at once
const = (ctx.headers)
// { session: "abc123", theme: "dark" }Setting cookies
setCookie() returns a Set-Cookie header value. Use it with handler() or in a wrap that modifies response headers:
import { } from "katman/cookies"
const = ("session", token, {
: true,
: true,
: "lax",
: 60 * 60 * 24, // 1 day
: "/",
})
// "session=abc123; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax"Deleting cookies
import { } from "katman/cookies"
const = ("session")
// "session=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax"Options
| Option | Type | Default | Description |
|---|---|---|---|
maxAge | number | — | Cookie expiry in seconds from now |
expires | Date | — | Absolute expiry date |
path | string | "/" | Cookie path |
domain | string | — | Cookie domain |
secure | boolean | true in production | HTTPS only |
httpOnly | boolean | true | Prevent JavaScript access |
sameSite | "strict" | "lax" | "none" | "lax" | SameSite policy |
Defaults are secure by design: HttpOnly, SameSite=Lax, and Secure in production. You only need to override when you have a specific reason.
What's next?
- Middleware — use cookie parsing in guards
- Plugins — other available plugins