Feature: cookie based auth

[ZakariaTalhami]

Changes:

• Remove tokens from the response body of login API
• Set "Set-Cookie" header for access and refresh token cookies

[ZakariaTalhami]

Is anyone aware of a better way to implement setting cookies in the header of the response?

[believemanasseh]

I'm not sure this change is needed again. The cookie-based authentication is being implemented with redis

[zatoa]

It could be a good idea to encrypt the cookie, a lot of auth libs do this, even if set to httponly

[MrBisquit]

It could be a good idea to encrypt the cookie, a lot of auth libs do this, even if set to httponly

If it's JWT there's no need for it