fix: optimize cookie value comparison using FNV-1a hash

- Add FNV-1a hash function for fast object comparison
- Use hash-based comparison to avoid unnecessary cookie updates
- Cache JSON.stringify result to avoid duplicate serialization
- Improve code comments explaining hash comparison logic
- Add comprehensive tests for repeated identical values and large objects
- Rename hashObject to hashString for clarity

Author: YasserGomma

src/cookies.ts

@@ -8,6 +8,22 @@ import { InvalidCookieSignature } from './error'
 import type { Context } from './context'
 import type { Prettify } from './types'
 
+// FNV-1a hash for fast string hashing
+const hashString = (str: string): number => {
+	const FNV_OFFSET_BASIS = 2166136261
+	const FNV_PRIME = 16777619
+
+	let hash = FNV_OFFSET_BASIS
+	const len = str.length
+
+	for (let i = 0; i < len; i++) {
+		hash ^= str.charCodeAt(i)
+		hash = Math.imul(hash, FNV_PRIME)
+	}
+
+	return hash >>> 0
+}
+
 export interface CookieOptions {
 	/**
 	 * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.3|Domain Set-Cookie attribute}. By default, no
@@ -125,6 +141,8 @@ export type ElysiaCookie = Prettify<
 type Updater<T> = T | ((value: T) => T)
 
 export class Cookie<T> implements ElysiaCookie {
+	private valueHash?: number
+
 	constructor(
 		private name: string,
 		private jar: Record<string, ElysiaCookie>,
@@ -162,18 +180,33 @@ export class Cookie<T> implements ElysiaCookie {
 		// Simple equality check
 		if (current === value) return
 
-		// For objects, do a deep equality check
+		// For objects, use hash-based comparison for performance
+		// Note: Uses JSON.stringify for comparison, so key order matters
+		// { a: 1, b: 2 } and { b: 2, a: 1 } are treated as different values
 		if (
 			typeof current === 'object' &&
 			current !== null &&
 			typeof value === 'object' &&
 			value !== null
 		) {
 			try {
-				if (JSON.stringify(current) === JSON.stringify(value)) return
-			} catch {
-				// If stringify fails, proceed with setting the value
-			}
+				// Cache stringified value to avoid duplicate stringify calls
+				const valueStr = JSON.stringify(value)
+				const newHash = hashString(valueStr)
+
+				// If hash differs from cached hash, value definitely changed
+				if (this.valueHash !== undefined && this.valueHash !== newHash) {
+					this.valueHash = newHash
+				}
+				// First set (valueHash undefined) OR hashes match: do deep comparison
+				else {
+					if (JSON.stringify(current) === valueStr) {
+						this.valueHash = newHash
+						return // Values are identical, skip update
+					}
+					this.valueHash = newHash
+				}
+			} catch {}
 		}
 
 		// Only create entry in jar if value actually changed

test/cookie/unchanged.test.ts

@@ -106,4 +106,83 @@ describe('Cookie - Unchanged Values', () => {
 
 		expect(response.headers.getAll('set-cookie').length).toBeGreaterThan(0)
 	})
+
+	it('should not send set-cookie header when setting same object value as incoming cookie', async () => {
+		const app = new Elysia().post('/update', ({ cookie: { data } }) => {
+			// Set to same value as incoming cookie
+			data.value = { id: 123, name: 'test' }
+			return 'ok'
+		})
+
+		// First request: set the cookie
+		const firstRes = await app.handle(
+			new Request('http://localhost/update', { method: 'POST' })
+		)
+		const setCookie = firstRes.headers.get('set-cookie')
+		expect(setCookie).toBeTruthy()
+
+		// Second request: send cookie back and set to same value
+		const secondRes = await app.handle(
+			new Request('http://localhost/update', {
+				method: 'POST',
+				headers: {
+					cookie: setCookie!.split(';')[0]
+				}
+			})
+		)
+
+		// Should not send Set-Cookie since value didn't change
+		expect(secondRes.headers.getAll('set-cookie').length).toBe(0)
+	})
+
+	it('should not send set-cookie header for large unchanged object values', async () => {
+		const large = {
+			users: Array.from({ length: 100 }, (_, i) => ({
+				id: i,
+				name: `User ${i}`
+			}))
+		}
+
+		const app = new Elysia().post('/update', ({ cookie: { data } }) => {
+			data.value = large
+			return 'ok'
+		})
+
+		// First request: set the cookie
+		const firstRes = await app.handle(
+			new Request('http://localhost/update', { method: 'POST' })
+		)
+		const setCookie = firstRes.headers.get('set-cookie')
+		expect(setCookie).toBeTruthy()
+
+		// Second request: send cookie back and set to same value
+		const secondRes = await app.handle(
+			new Request('http://localhost/update', {
+				method: 'POST',
+				headers: {
+					cookie: setCookie!.split(';')[0]
+				}
+			})
+		)
+
+		// Should not send Set-Cookie since value didn't change
+		expect(secondRes.headers.getAll('set-cookie').length).toBe(0)
+	})
+
+	it('should optimize multiple assignments of same object in single request', async () => {
+		const app = new Elysia().post('/multi', ({ cookie: { data } }) => {
+			// Multiple assignments of the same value
+			data.value = { id: 123, name: 'test' }
+			data.value = { id: 123, name: 'test' }
+			data.value = { id: 123, name: 'test' }
+			return 'ok'
+		})
+
+		const res = await app.handle(
+			new Request('http://localhost/multi', { method: 'POST' })
+		)
+
+		// Should only produce one Set-Cookie header
+		expect(res.headers.getAll('set-cookie').length).toBe(1)
+	})
 })