AscendingCreations / AxumSession

Axum Session Management Libraries that use Sqlx
MIT License

Signing? #17

Closed maxcountryman closed 2 years ago

maxcountryman commented 2 years ago

Hi there, curious if this crate will support signing? Without it, the cookie can be tampered with. Tide for example provides this capability.

genusistimelord commented 2 years ago

I will need to look into it.

I do not see any special signing capabilities in Tide's cookies?

https://github.com/http-rs/tide/blob/main/src/cookies/middleware.rs

I do see they are doing the exact same thing I am currently doing: https://github.com/AscendingCreations/AxumSessions/blob/main/src/service.rs#L257.

I do see cookies supports https://github.com/SergioBenitez/cookie-rs/blob/master/src/secure/signed.rs#L23

Or should we go the extra level and make this a private cookie, as this offers all the benefits of a signed cookie but hides the value from the client side completely, which makes it that much harder to grab the values and attempt to reproduce them. https://github.com/SergioBenitez/cookie-rs/blob/master/src/secure/private.rs#L27

But yes, we can redo the cookies to use one of these; I just need to figure out which would be best. If you like, you could make a PR with one of these as well, or even both if you wanted to make it a feature.

genusistimelord commented 2 years ago

This was added in commit 098cb09 and published under 2.1.0 to crates.io. I decided to go along with encrypted private messages, as these, off the bat, supported what you want and went a bit further by also encrypting the data. @maxcountryman
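The tamper-detection property the thread asks for, shown as an added stand-alone example (not code from AxumSession or cookie-rs): the session id is bound to the cookie name with an HMAC-SHA256 tag, and any edit to the tag or the value, a key mismatch, or moving the value to a differently named cookie fails verification. The key, cookie name and `tag.value` layout are constructed for this illustration; the private (encrypted) cookie the maintainer chose adds confidentiality on top of this integrity check and is not shown.

```python
import base64
import binascii
import hashlib
import hmac
import secrets

# Constructed demo key; a server would load a fixed key from configuration so
# cookies survive restarts. Key and name are illustrative, not AxumSession's.
DEMO_KEY = secrets.token_bytes(32)
COOKIE_NAME = "session"


def _tag(key: bytes, name: str, value: str) -> bytes:
    # The MAC covers name and value together, so a valid tag for one cookie
    # cannot be reused to authenticate the same value under another name.
    return hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).digest()


def sign_cookie(key: bytes, name: str, value: str) -> str:
    """Return the cookie value to send to the client: '<base64 tag>.<value>'."""
    tag = base64.urlsafe_b64encode(_tag(key, name, value)).decode()
    return f"{tag}.{value}"


def verify_cookie(key: bytes, name: str, presented: str):
    """Return the original value if the client's cookie is authentic, else None."""
    tag_b64, sep, value = presented.partition(".")
    if not sep:
        return None  # no tag at all: unsigned or truncated cookie
    try:
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    # Constant-time comparison so tag checking does not leak timing information.
    if not hmac.compare_digest(tag, _tag(key, name, value)):
        return None
    return value


def demo() -> bool:
    """True when a forged session id is rejected while the genuine one is accepted."""
    cookie = sign_cookie(DEMO_KEY, COOKIE_NAME, "sess-1234")
    genuine_ok = verify_cookie(DEMO_KEY, COOKIE_NAME, cookie) == "sess-1234"
    # Client swaps its session id for another one but keeps the original tag.
    forged = cookie.rsplit(".", 1)[0] + ".sess-9999"
    return genuine_ok and verify_cookie(DEMO_KEY, COOKIE_NAME, forged) is None


if __name__ == "__main__":
    print("forgery rejected:", demo())
```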