hapijs / cookie

Cookie authentication plugin

Server-side-only session attributes to avoid cookies exceed size #218

Closed sscarduzio closed 5 years ago

sscarduzio commented 5 years ago

Related to #217

When a user logs in using username and password, I also add to the cookieAuth object the list of groups the user belongs to.

This is very handy, but when a user belongs to 100+ groups I get:

Set-Cookie header is ignored in response from url: http://example.com/login. Cookie length should be less than or equal to 4096 characters.

Is there a way to associate data with a session while avoiding having it all serialised into a gigantic encrypted cookie?

hueniverse commented 5 years ago

This is clearly explained in the readme. You need to store your own session identifier in the cookie and then look that data up in a store. It is pretty easy to do if you combine cookie with the hapi cache support and link that to a redis server or something similar. This plugin does not provide this functionality built-in because the use cases are very specific.
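The approach described in the reply above, as an added example that is not part of the original thread or the plugin's own code: the cookie carries only a random session id, and the group list is looked up server-side. `SessionStore`, `login`, `validate` and `sampleAccount` are hypothetical names, and the in-memory `Map` is an assumed stand-in for a hapi cache backed by Redis.

```javascript
// Added example: the cookie holds an opaque id; session attributes stay on the server.
const { randomBytes } = require('node:crypto');

// Hypothetical in-memory store standing in for a server-side cache (e.g. Redis).
class SessionStore {
    constructor(ttlMs, now = Date.now) {
        this.ttlMs = ttlMs;
        this.now = now;              // injectable clock so expiry can be tested
        this.entries = new Map();
    }
    create(account) {
        const sid = randomBytes(32).toString('hex');   // 256-bit unguessable id
        this.entries.set(sid, { account, expires: this.now() + this.ttlMs });
        return sid;
    }
    get(sid) {
        const entry = this.entries.get(sid);
        if (!entry) return null;
        if (entry.expires <= this.now()) {             // expired: purge and reject
            this.entries.delete(sid);
            return null;
        }
        return entry.account;
    }
    drop(sid) { this.entries.delete(sid); }            // call on logout
}

const store = new SessionStore(30 * 60 * 1000);

// Value a login handler would hand to request.cookieAuth.set(): the id only.
function login(account) {
    return { sid: store.create(account) };
}

// Shaped like the plugin's session validation callback (assumption: it receives
// the decoded cookie as `session` and returns { isValid, credentials }).
function validate(request, session) {
    const account = typeof session?.sid === 'string' ? store.get(session.sid) : null;
    return account ? { isValid: true, credentials: account } : { isValid: false };
}

// Constructed sample: 150 group names, far too large for a 4096-character cookie.
const sampleAccount = {
    id: 'u1',
    groups: Array.from({ length: 150 }, (_, i) => `cn=group-${i},ou=engineering,dc=example,dc=com`)
};
```

With a networked store the lookup in `validate` becomes asynchronous; dropping the entry on logout or expiry invalidates the session even if the cookie is replayed.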
