supertokens · porcellus · Jun 19, 2025 · Jun 17, 2025 · Jun 17, 2025 · Jun 18, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [20.1.7] - 2025-06-17
+
+-   Refactors internal logic of parsing cookies to check accessToken and optimizes it to avoid parsing unrelated cookies.
+
 ## [20.1.6] - 2024-11-26
 
 -   Fixes an issue where `removeDevice` API allowed removing verifiedTOTP devices without the user completing MFA.

diff --git a/lib/build/recipe/session/cookieAndHeaders.js b/lib/build/recipe/session/cookieAndHeaders.js
@@ -253,15 +253,17 @@ function parseCookieStringFromRequestHeaderAllowingDuplicates(cookieString) {
     const cookies = {};
     const cookiePairs = cookieString.split(";");
     for (const cookiePair of cookiePairs) {
-        const [name, value] = cookiePair
-            .trim()
-            .split("=")
-            .map((part) => decodeURIComponent(part));
-        if (cookies.hasOwnProperty(name)) {
-            cookies[name].push(value);
-        } else {
-            cookies[name] = [value];
+        const [name, value] = cookiePair.trim().split("=");
+        // Try to decode the name or fallback to the original name
+        let decodedName = name;
+        try {
+            decodedName = decodeURIComponent(name);
+        } catch (e) {
+            logger_1.logDebugMessage(
+                `parseCookieStringFromRequestHeaderAllowingDuplicates: Error decoding cookie name: ${name}`
+            );
         }
+        cookies.hasOwnProperty(decodedName) ? cookies[decodedName].push(value) : (cookies[decodedName] = [value]);
     }
     return cookies;
 }
diff --git a/lib/build/version.d.ts b/lib/build/version.d.ts
diff --git a/lib/build/version.js b/lib/build/version.js
diff --git a/lib/ts/recipe/session/cookieAndHeaders.ts b/lib/ts/recipe/session/cookieAndHeaders.ts
@@ -303,16 +303,19 @@ function parseCookieStringFromRequestHeaderAllowingDuplicates(cookieString: stri
     const cookiePairs = cookieString.split(";");
 
     for (const cookiePair of cookiePairs) {
-        const [name, value] = cookiePair
-            .trim()
-            .split("=")
-            .map((part) => decodeURIComponent(part));
-
-        if (cookies.hasOwnProperty(name)) {
-            cookies[name].push(value);
-        } else {
-            cookies[name] = [value];
+        const [name, value] = cookiePair.trim().split("=");
+
+        // Try to decode the name or fallback to the original name
+        let decodedName = name;
+        try {
+            decodedName = decodeURIComponent(name);
+        } catch (e) {
+            logDebugMessage(
+                `parseCookieStringFromRequestHeaderAllowingDuplicates: Error decoding cookie name: ${name}`
+            );
         }
+
+        cookies.hasOwnProperty(decodedName) ? cookies[decodedName].push(value) : (cookies[decodedName] = [value]);
     }
 
     return cookies;

diff --git a/lib/ts/version.ts b/lib/ts/version.ts
@@ -12,7 +12,7 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-export const version = "20.1.6";
+export const version = "20.1.7";
 
 export const cdiSupported = ["5.1"];
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "supertokens-node",
-    "version": "20.1.6",
+    "version": "20.1.7",
     "description": "NodeJS driver for SuperTokens core",
     "main": "index.js",
     "scripts": {