Optimize stringifyCookie by 2x for cookie-octet values #269

Open
saripovdenis wants to merge 7 commits into jshttp:master from saripovdenis:perf/encode-fast-path

@saripovdenis saripovdenis commented Apr 28, 2026

stringifyCookie Optimization

Optimizes default cookie encoding by skipping encodeURIComponent when values are already roundtrip-safe cookie-octets.

% is still encoded to preserve roundtrip behavior:

stringifyCookie({ foo: "%20" }) // foo=%2520
parseCookie("foo=%2520")        // { foo: "%20" }

Benchmarks

Higher hz is better. Measured on Node 24.15.0.

| case | before hz | after hz | speedup |
| --- | --- | --- | --- |
| empty | 38,598,774.76 | 40,958,547.67 | 1.06x |
| simple | 11,020,607.14 | 16,615,825.47 | 1.51x |
| rfc cookie-octets | 7,463,520.33 | 15,267,614.96 | 2.05x |
| encode | 8,424,626.32 | 7,635,768.40 | 0.91x |
| undefined values | 5,783,315.75 | 8,068,459.56 | 1.40x |
| mixed encode | 3,977,455.71 | 4,320,201.87 | 1.09x |
| 10 cookies | 1,297,376.60 | 1,895,381.87 | 1.46x |
| 100 cookies | 130,578.34 | 179,100.23 | 1.37x |

Summary

  • rfc cookie-octets: 2.05x faster
  • simple: 1.51x faster
  • 10 cookies: 1.46x faster
  • 100 cookies: 1.37x faster
  • encode case: 0.91x, slower because it checks the fast-path regexp before falling back to encodeURIComponent

codecov Bot commented Apr 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (4898ba2) to head (d7b2a91).
⚠️ Report is 29 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##            master      #269    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files            1         1            
  Lines          160       260   +100     
  Branches        69       118    +49     
==========================================
+ Hits           160       260   +100     

@saripovdenis
Contributor Author

@blakeembrey what do you think about this tradeoff?

@blakeembrey
Member

This looks pretty great! I think it's worth the trade-off.

One question, should we just allow all RFC valid values through without encoding? It may differ slightly from encodeURIComponent (haven't checked) but might allow more values to skip encoding altogether without any regression in behavior.

@saripovdenis saripovdenis changed the title Optimize stringify-cookie by ~38% for non-empty non-encoded values Optimize stringify-cookie by ~90% for RFC-allowed values May 2, 2026
@saripovdenis
Contributor Author

saripovdenis commented May 2, 2026

> This looks pretty great! I think it's worth the trade-off.
>
> One question, should we just allow all RFC valid values through without encoding? It may differ slightly from encodeURIComponent (haven't checked) but might allow more values to skip encoding altogether without any regression in behavior.

Great idea!

Some cases would have different behaviour

stringifyCookie({ foo: "a=b" })
// before: foo=a%3Db
// after:  foo=a=b

But overall looks like a great win from perf side!

I pushed code accordingly
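The fast path discussed in this thread, as an added example that is not code from the PR: it checks that no value leaves the encoder with an octet that could break out of its cookie-pair (`;`, whitespace, control characters) and that every value roundtrips, and it shows why `%` has to stay out of the fast-path set. The function names, both regular expressions (written from the RFC 6265 cookie-octet grammar) and the decoder behaviour are assumptions; the samples are constructed.

```javascript
// Added example, not code from the PR; all names here are hypothetical.
// RFC 6265 cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;
// Same set with "%" (0x25) removed, so a literal "%" always gets encoded.
const FAST_PATH = /^[\x21\x23\x24\x26-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

// Fast path as described in the PR text: skip encodeURIComponent when safe.
function encodeValue(value) {
  return FAST_PATH.test(value) ? value : encodeURIComponent(value);
}

// Counter-example: lets "%" through unencoded.
function naiveEncodeValue(value) {
  return COOKIE_OCTETS.test(value) ? value : encodeURIComponent(value);
}

// Assumed decoder: percent-decode only when "%" is present, keep the raw
// text if decoding fails.
function decodeValue(value) {
  if (value.indexOf("%") === -1) return value;
  try {
    return decodeURIComponent(value);
  } catch {
    return value;
  }
}

// Run an encoder over constructed samples plus every ASCII character and
// report values that would break the cookie-pair or fail to roundtrip.
function auditEncoder(encode) {
  const samples = ["", "%20", "100%", "a=b", "a;b", 'say "hi"', "x,y", "caf\u00e9"];
  for (let c = 0; c < 0x80; c++) samples.push("v" + String.fromCharCode(c) + "v");
  const failures = [];
  for (const input of samples) {
    const wire = encode(input);
    if (!COOKIE_OCTETS.test(wire)) failures.push({ input, wire, why: "unsafe octet" });
    if (decodeValue(wire) !== input) failures.push({ input, wire, why: "roundtrip" });
  }
  return failures;
}

console.log(auditEncoder(encodeValue));      // fast path without "%"
console.log(auditEncoder(naiveEncodeValue)); // fast path with "%"
```
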

@saripovdenis
Contributor Author

Hi @blakeembrey

Friendly ping~
Anything I can do to move this PR forward?

@blakeembrey
Member

There's an existing regex cookieValueRegExp, and the difference is " and , support. Should we use the same regex or do you think those need to be encoded? And if we think they must be encoded, should we change cookieValueRegExp instead to be stricter? Otherwise a custom encoding can still use those values.

@blakeembrey
Member

Also I'm planning to land this in a new major version to eliminate concerns around breaking changes.

If you want this in the current version I can cherry pick your original commit, just let me know.

Comment thread src/stringify-cookie.bench.ts Outdated
Comment thread src/index.ts Outdated
@saripovdenis
Contributor Author

> There's an existing regex cookieValueRegExp, and the difference is " and , support. Should we use the same regex or do you think those need to be encoded? And if we think they must be encoded, should we change cookieValueRegExp instead to be stricter? Otherwise a custom encoding can still use those values.

In a vacuum I would make cookieValueRegExp stricter, but I think you had a spicy issue here haha
#191

so I would keep cookieValueRegExp the same as now to be more permissive for people who need it

@saripovdenis saripovdenis changed the title Optimize stringify-cookie by ~90% for RFC-allowed values Optimize stringifyCookie by 2x for cookie-octet values May 11, 2026