mozilla / node-client-sessions

secure sessions stored in cookies
Mozilla Public License 2.0
759 stars 104 forks source link

Leveraging Cookies Library, but then again, maybe not? #145

Open captainrdubb opened 4 years ago

captainrdubb commented 4 years ago

It sucks that Client-Sessions lib circumvents Cookies lib encryption, instead of integrating with it or that the documentation is not clear about what Cookie options can and cannot be used in conjunction with Session options. For instance, can't use the "signed" cookie option since Cookie has zero control over signing, and if a sap like me thinks i can toggle encryption, then a lot of head scratching will ensue.

I know, I know, open up a pull request. ...sigh