feat: idempotent cookies

[akim-bow]

I explained most of the motivation for PR here.
Main points:

• Cookies should be idempotent. This helps with OpenAPI docs a lot.
• Cookie handling should be fast.
• API and behavior should be simple. Caching and validating cache are complications.

This is an example how cookie caching can be implemented via plugin in case someone find this behavior beneficial.

Making decoupled and pluggable architecture ensures that Elysia remains simple and customizable.

Summary by CodeRabbit

• Bug Fixes

  • More consistent Set-Cookie header behavior on cookie updates; repeated updates now produce idempotent header creation.

• Refactor

  • Removed internal hash-based change detection; cookie values are now assigned directly for deterministic updates.
  • Cookie value decoding step removed; JSON parsing and signing/unsigning remain unchanged.

• Tests

  • Updated tests to expect a Set-Cookie header on subsequent requests and reflect idempotent header creation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Removed FNV-1a hash-based change-detection and related caching from the Cookie class; cookie values are assigned directly (no decoding), jar entries are always ensured, and createCookieJar always constructs merged Cookies. Tests updated to expect Set-Cookie on modifications.

Changes

Cohort / File(s)	Summary
Core cookie handler src/cookies.ts	Removed FNV-1a hashString logic and valueHash field, eliminated hash-based cache/invalidation and deep-equality guards. value setter now directly ensures jar entry and assigns values. Removed fast-decode-uri-component import and decode step. createCookieJar Proxy always constructs a merged Cookie.
Cookie tests test/cookie/unchanged.test.ts	Renamed/updated test to expect idempotent Set-Cookie emission on modification; replaced previous assertion that expected no headers with one asserting a truthy Set-Cookie header.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• improve: remove cookie cache #1567: Removes deep-equality/hash optimization and updates tests to reflect always-emitted Set-Cookie — closely related.
• fix: Optimize cookie value comparison using FNV-1a hash #1568: Directly removes the FNV-1a hashing and valueHash cache from src/cookies.ts — strong overlap.
• fix: prevent sending set-cookie header when cookie value is unchanged... #1558: Adjusts Cookie setter/change-detection logic influencing jar writes and Set-Cookie emission — relevant.

Poem

🐰 I hopped through lines with nimble paws,
Scruffed out hashes, repaired the flaws.
Now cookies write in steady tune,
No hidden skips — they hum at noon.
nibbles, hops, and code balloons ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: idempotent cookies' directly summarizes the main change—removing hash-based optimization and making cookies idempotent through simplified value assignment logic.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/elysiajs/elysia@1641

commit: fcf4bdc

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f751caf and 97077a9.

📒 Files selected for processing (2)

• src/cookies.ts
• test/cookie/unchanged.test.ts

🧰 Additional context used

🧬 Code graph analysis (1)

src/cookies.ts (1)

src/index.ts (2)

• Cookie (8176-8176)
• store (248-250)

🔇 Additional comments (5)

src/cookies.ts (4)

128-130: LGTM: Immutable initial configuration.

Making the initial property readonly prevents accidental mutation after construction, which is a good defensive practice.

---

157-160: LGTM: Simplified value assignment.

The value setter now directly assigns without hash-based equality checks, making the behavior deterministic and idempotent. This aligns with the PR objectives.

---

293-296: LGTM: Consistent Cookie instance creation.

The Proxy now always constructs a new Cookie instance with merged configurations, ensuring deterministic behavior. This supports the idempotent goal.

---

323-323: No action needed. The cookie library's parse() function automatically decodes URI components by default, and line 323 correctly uses the decoded value without attempting additional decoding. This is the proper implementation.

test/cookie/unchanged.test.ts (1)

111-111: LGTM: Clearer test name.

The renamed test name "cookie handling should be idempotent" better reflects the PR's objectives.

[akim-bow]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97077a9 and 9f9d4e7.

📒 Files selected for processing (2)

• src/cookies.ts
• test/cookie/unchanged.test.ts

🧰 Additional context used

🧬 Code graph analysis (1)

src/cookies.ts (1)

src/index.ts (2)

• Cookie (8176-8176)
• store (248-250)

🔇 Additional comments (5)

src/cookies.ts (3)

157-160: LGTM! Simplified value setter aligns with idempotent behavior.

The removal of hash-based optimization ensures consistent, predictable behavior. Every value assignment now updates the jar, which is intentional for idempotent cookie handling.

---

293-296: LGTM! Consistent cookie construction supports idempotent behavior.

The Proxy now always constructs a new Cookie instance with merged initial and store values, ensuring consistent state for each access. This aligns with the PR's goal of idempotent, predictable cookie handling.

---

323-323: The cookie library's parse() function (v1.1.1) automatically decodes cookie values using decodeURIComponent by default, so the removal of the redundant decode() call is safe and correct.

test/cookie/unchanged.test.ts (2)

111-111: LGTM! Test name accurately reflects idempotent behavior.

The new name "should idempotently create headers on cookie modifications" correctly describes the test's purpose: modifications produce consistent header output regardless of whether the value changed.

---

135-135: LGTM! Assertion aligns with idempotent cookie behavior.

The test correctly expects 1 Set-Cookie header when modifying a cookie, even if the value is the same as the incoming cookie. This validates the idempotent behavior where modifications consistently produce headers.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/cookies.ts (1)

137-141: Line 138 assigns the reference directly and is then immediately overwritten.

Two issues:

1. Line 138 assigns this.initial directly to this.jar[this.name], creating a reference rather than a shallow copy. While line 140 immediately overwrites this assignment, making it effectively dead code, the pattern is inconsistent with line 158 which correctly creates a shallow copy.

2. Line 138 appears redundant since line 140 unconditionally assigns jar to this.jar[this.name], which would create the entry regardless.

🔎 Proposed fix to remove redundant line

 set cookie(jar: ElysiaCookie) {
-	if (!(this.name in this.jar)) this.jar[this.name] = this.initial
 	this.jar[this.name] = jar
 }

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ecef0af and fcf4bdc.

📒 Files selected for processing (2)

• src/cookies.ts
• test/cookie/unchanged.test.ts

🧰 Additional context used

🧬 Code graph analysis (1)

src/cookies.ts (1)

src/index.ts (2)

• Cookie (8176-8176)
• store (248-250)

🔇 Additional comments (4)

test/cookie/unchanged.test.ts (1)

111-136: LGTM! Test correctly validates idempotent cookie behavior.

The test rename and updated assertion correctly reflect the new idempotent behavior where setting a cookie value triggers a Set-Cookie header regardless of whether the value changed. This aligns with the PR objectives to simplify cookie handling by removing hash-based optimization.

src/cookies.ts (3)

128-128: Helpful clarification comment.

The comment effectively explains the purpose of the jar parameter and its relationship to response headers.

---

293-296: Correct implementation for idempotent cookie creation.

Always constructing a new Cookie instance with merged initial values ensures consistent, deterministic behavior. This aligns with the PR objective to simplify cookie handling by removing conditional logic and hash-based optimizations.

---

323-323: Simplified cookie value handling by removing decode step.

The removal of URI decoding is consistent with the PR objectives to simplify cookie handling and remove unnecessary processing. The cookie library's parse function already handles the necessary decoding when parsing the cookie string.