In short: without setting path: '/' you could unintentionally end up with multiple versions of your cookie. I recommend suggesting in the documentation to set path: '/' or make it the default?
Longer explaination:
I had some trouble with using this package because it turned out it would set different cookies for different request paths.
For me sometimes a login would be set from a request to /api/something and another (registration) request would just be a POST under '/'.
If I removed the cookie under '/' one of the requests during the page load (an API request) would still find the logged in user. After I set path: '/' this problem resolved.
In short: without setting
path: '/'
you could unintentionally end up with multiple versions of your cookie. I recommend suggesting in the documentation to setpath: '/'
or make it the default?Longer explaination: I had some trouble with using this package because it turned out it would set different cookies for different request paths.
For me sometimes a login would be set from a request to /api/something and another (registration) request would just be a POST under '/'.
If I removed the cookie under '/' one of the requests during the page load (an API request) would still find the logged in user. After I set
path: '/'
this problem resolved.