The session "parser" in lib/user is just: this.user.session = nowjs.sessions[unescape(cookie)].
This doesn't work with signed cookies (or if one implemented encrypted cookies) since the session id is not the cookie string value.
Possibly nowJS should allow tu use a user-defined function to extract the session id from the cookies. Alternatively one could pass the secret to nowjs so it can validate the cookie is correctly signed.
The session "parser" in lib/user is just:
this.user.session = nowjs.sessions[unescape(cookie)].This doesn't work with signed cookies (or if one implemented encrypted cookies) since the session id is not the cookie string value.
Possibly nowJS should allow tu use a user-defined function to extract the session id from the cookies. Alternatively one could pass the secret to nowjs so it can validate the cookie is correctly signed.