-
-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: local with cookie session #564
Conversation
e02becd
to
36e55ce
Compare
0f0a1ec
to
0669c3a
Compare
Hi @benjipott 👋 Thanks for your contribution! Feel free to let me know, when I can do a first review! |
deace67
to
98406bb
Compare
@zoey-kaiser happy to see if that can help |
Hi @benjipott 👋 I will need to discuss this internally first. My only reservations with this PR would be that cookie based authentication is less secure then session based authentication. Therefore we would need to discuss if we want to provide this feature and if we do, how we could ensure developers know that a cookie based solution is less secure https://dev.to/emmykolic/cookies-based-authentication-vs-session-based-authentication-1f6 |
Sure but the real target of this PR is to allow all devs to keep their integration choices based on their backend infrastructure. And for me, session token is better and more secure than cookies stored on devices. Actually, useCookie is implemented without option like domain, secure configuration. Keep in mind, if you don't give developers a choice, they won't use your tools. Happy to help. |
98406bb
to
ee58fcf
Compare
ee58fcf
to
28016db
Compare
I definitely agree! I can also see some situations in which a cookie provider would make more sense. My current plan is the following:
|
A simple PR to prevent create a new provider like #495 and set session in header
Closes # .
Checklist:
#
)