Changes around cookies management

@thetutlage thetutlage released this 12 Apr 14:55

The ecosystem packages have also been updated: the encryption package has received a facelift that makes encryption stronger than before. Check the encryption release for more info.

Building on the encryption facelift, we have improved the security of cookies and changed the way we parse them on each HTTP request.

Cookies related changes

  • Signed (and encrypted) cookies can no longer be swapped with each other. This is a common weakness in many frameworks: the signature covers only the value, so a client can move the signed value of one cookie under another cookie's name and the server accepts it without noticing. Rails is the only framework that detects this swap, and now AdonisJS does too.
  • Earlier we parsed and verified all cookies as soon as you read any one of them. A client could abuse this by sending many junk cookies purely to keep the server busy unpacking them. Now we lazily unpack cookies as you ask for them. As a result, the cookies and plainCookies methods have been removed from the request object; use cookiesList to get an object of the unpacked cookies.
  • We added support for encrypted cookies alongside signed cookies. Signed cookies are great, but their values can be decoded on the client side. That is not a threat by itself, since nobody can modify the original value without invalidating the signature. However, cookies sometimes contain sensitive information that the client should not be able to read. For that purpose, you can use encryptedCookies.

Changes to the types

We unnecessarily added the Contract prefix to all the types earlier. Now we are removing it. Yes, it can be an inconvenience, but the earlier we do it, the easier the change will be.

Commits

  • style: inline constructor arguments 31de574
  • docs(README): update example block bd3722c
  • style: adding required docblocks 029f80f
  • refactor: cleanup of interface and types names 9e36d1e
  • refactor: drop unnecessary dependencies and self implement cookie parser and serializer 8ec1796

v1.8.2...v2.0.0