Add encryption as a new feature/option to the cookies provided with secret

[sarraf1996]

I have a query and it's related to encryption of the cookies. As of now in case of signed cookies, I can see express module is using the cookie value as it is without tampering it and only appending HMAC encoding technique to sign the cookie using cookie-signature module.

We can also implement cookie encryption for localhost development (http) as a new feature/option having a secret supplied by the user which will provide a more secured way of cookie creation and transmission from server to client and vice versa.

Is this feature/option already in draft or if anyone has been already assigned? In case if not, could you assign this work to me so that I will work towards it and contribute to this module.

Let me know if this new feature/option works for you?

[IamLizu]

cc: @expressjs/express-tc

[wesleytodd]

We would for sure accept and review a PR for this. Although I am not sure I understand why local development would need this feature.

secret supplied by the user which will provide a more secured way of cookie creation and transmission from server to client and vice versa.

The point here in local development is that the request never leaves your machine, so I don't think I understand the need for this in that case. You can already steal or modify your own cookies.