Merge pull request #1568 from YasserGomma/fix/cookie-hash-optimization

fix: Optimize cookie value comparison using FNV-1a hash

Author: SaltyAom

src/cookies.ts

@@ -8,6 +8,22 @@ import { InvalidCookieSignature } from './error'
 import type { Context } from './context'
 import type { Prettify } from './types'
 
+// FNV-1a hash for fast string hashing
+const hashString = (str: string): number => {
+	const FNV_OFFSET_BASIS = 2166136261
+	const FNV_PRIME = 16777619
+
+	let hash = FNV_OFFSET_BASIS
+	const len = str.length
+
+	for (let i = 0; i < len; i++) {
+		hash ^= str.charCodeAt(i)
+		hash = Math.imul(hash, FNV_PRIME)
+	}
+
+	return hash >>> 0
+}
+
 export interface CookieOptions {
 	/**
 	 * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.3|Domain Set-Cookie attribute}. By default, no
@@ -125,6 +141,8 @@ export type ElysiaCookie = Prettify<
 type Updater<T> = T | ((value: T) => T)
 
 export class Cookie<T> implements ElysiaCookie {
+	private valueHash?: number
+
 	constructor(
 		private name: string,
 		private jar: Record<string, ElysiaCookie>,
@@ -139,6 +157,8 @@ export class Cookie<T> implements ElysiaCookie {
 		if (!(this.name in this.jar)) this.jar[this.name] = this.initial
 
 		this.jar[this.name] = jar
+		// Invalidate hash cache when jar is modified directly
+		this.valueHash = undefined
 	}
 
 	protected get setCookie() {
@@ -156,7 +176,44 @@ export class Cookie<T> implements ElysiaCookie {
 	}
 
 	set value(value: T) {
-		this.setCookie.value = value;
+		// Check if value actually changed before creating entry in jar
+		const current = this.cookie.value
+
+		// Simple equality check
+		if (current === value) return
+
+		// For objects, use hash-based comparison for performance
+		// Note: Uses JSON.stringify for comparison, so key order matters
+		// { a: 1, b: 2 } and { b: 2, a: 1 } are treated as different values
+		if (
+			typeof current === 'object' &&
+			current !== null &&
+			typeof value === 'object' &&
+			value !== null
+		) {
+			try {
+				// Cache stringified value to avoid duplicate stringify calls
+				const valueStr = JSON.stringify(value)
+				const newHash = hashString(valueStr)
+
+				// If hash differs from cached hash, value definitely changed
+				if (this.valueHash !== undefined && this.valueHash !== newHash) {
+					this.valueHash = newHash
+				}
+				// First set (valueHash undefined) OR hashes match: do deep comparison
+				else {
+					if (JSON.stringify(current) === valueStr) {
+						this.valueHash = newHash
+						return // Values are identical, skip update
+					}
+					this.valueHash = newHash
+				}
+			} catch {}
+		}
+
+		// Only create entry in jar if value actually changed
+		if (!(this.name in this.jar)) this.jar[this.name] = { ...this.initial }
+		this.jar[this.name].value = value
 	}
 
 	get expires() {

test/cookie/unchanged.test.ts

@@ -106,4 +106,129 @@ describe('Cookie - Unchanged Values', () => {
 
 		expect(response.headers.getAll('set-cookie').length).toBeGreaterThan(0)
 	})
+
+	it('should not send set-cookie header when setting same object value as incoming cookie', async () => {
+		const app = new Elysia().post('/update', ({ cookie: { data } }) => {
+			// Set to same value as incoming cookie
+			data.value = { id: 123, name: 'test' }
+			return 'ok'
+		})
+
+		// First request: set the cookie
+		const firstRes = await app.handle(
+			new Request('http://localhost/update', { method: 'POST' })
+		)
+		const setCookie = firstRes.headers.get('set-cookie')
+		expect(setCookie).toBeTruthy()
+
+		// Second request: send cookie back and set to same value
+		const secondRes = await app.handle(
+			new Request('http://localhost/update', {
+				method: 'POST',
+				headers: {
+					cookie: setCookie!.split(';')[0]
+				}
+			})
+		)
+
+		// Should not send Set-Cookie since value didn't change
+		expect(secondRes.headers.getAll('set-cookie').length).toBe(0)
+	})
+
+	it('should not send set-cookie header for large unchanged object values', async () => {
+		const large = {
+			users: Array.from({ length: 100 }, (_, i) => ({
+				id: i,
+				name: `User ${i}`
+			}))
+		}
+
+		const app = new Elysia().post('/update', ({ cookie: { data } }) => {
+			data.value = large
+			return 'ok'
+		})
+
+		// First request: set the cookie
+		const firstRes = await app.handle(
+			new Request('http://localhost/update', { method: 'POST' })
+		)
+		const setCookie = firstRes.headers.get('set-cookie')
+		expect(setCookie).toBeTruthy()
+
+		// Second request: send cookie back and set to same value
+		const secondRes = await app.handle(
+			new Request('http://localhost/update', {
+				method: 'POST',
+				headers: {
+					cookie: setCookie!.split(';')[0]
+				}
+			})
+		)
+
+		// Should not send Set-Cookie since value didn't change
+		expect(secondRes.headers.getAll('set-cookie').length).toBe(0)
+	})
+
+	it('should optimize multiple assignments of same object in single request', async () => {
+		const app = new Elysia().post('/multi', ({ cookie: { data } }) => {
+			// Multiple assignments of the same value
+			data.value = { id: 123, name: 'test' }
+			data.value = { id: 123, name: 'test' }
+			data.value = { id: 123, name: 'test' }
+			return 'ok'
+		})
+
+		const res = await app.handle(
+			new Request('http://localhost/multi', { method: 'POST' })
+		)
+
+		// Should only produce one Set-Cookie header
+		expect(res.headers.getAll('set-cookie').length).toBe(1)
+	})
+
+	it('should invalidate hash cache when using update() method', async () => {
+		const app = new Elysia().post('/cache-invalidation', ({ cookie: { data } }) => {
+			// Set initial value
+			data.value = { id: 1, name: 'first' }
+
+			// Modify via update() - should invalidate cache
+			data.update({ value: { id: 2, name: 'second' } })
+
+			// Set to the updated value again - should detect as unchanged
+			data.value = { id: 2, name: 'second' }
+
+			return 'ok'
+		})
+
+		const res = await app.handle(
+			new Request('http://localhost/cache-invalidation', { method: 'POST' })
+		)
+
+		// Should only have one Set-Cookie header (for final value)
+		const setCookieHeaders = res.headers.getAll('set-cookie')
+		expect(setCookieHeaders.length).toBe(1)
+		expect(setCookieHeaders[0]).toContain('id')
+	})
+
+	it('should invalidate hash cache when using set() method', async () => {
+		const app = new Elysia().post('/cache-set', ({ cookie: { data } }) => {
+			// Set initial value
+			data.value = { id: 1 }
+
+			// Modify via set() - should invalidate cache
+			data.set({ value: { id: 2 } })
+
+			// Set to the updated value again - should detect as unchanged
+			data.value = { id: 2 }
+
+			return 'ok'
+		})
+
+		const res = await app.handle(
+			new Request('http://localhost/cache-set', { method: 'POST' })
+		)
+
+		// Should only have one Set-Cookie header
+		expect(res.headers.getAll('set-cookie').length).toBe(1)
+	})
 })