Add option to use traditional cookie-based sessions

[riverrun]

This issue is to discuss adding an option to use sessions for authentication instead of JWTs.

At the moment, Openmaize uses JSON Web Tokens for authentication. An alternative method of authenticating users is to use a more traditional cookie-based approach. Many users coming from Ruby / Rails will probably be used to using sessions and might therefore prefer this approach.

I have no strong opinion on this issue - there are advantages and disadvantages to both approaches. What concerns me more is that whatever method is used is implemented correctly.

Guidelines for discussion

• give reasons for your viewpoints
• add links to the sources of your information
  • blog posts are OK, but academic papers are better
  • if there are no sources, clearly state "In my experience ..."

[riverrun]

I've added a sessions branch, which has the JWTs replaced by sessions. This is still under consideration, but my current plan is to make the switch to sessions and update to either version 1.1 or 2.0. I can still support JWTs if there is demand for it.

[zimt28]

That's awesome! When will the new version be released?

[riverrun]

@zimt28 Very soon. Actually, it's already done, but I want to update openmaize_jwt at the same time. Hopefully, that will be finished today or tomorrow.

[zimt28]

@riverrun All right. I'd like to start using it now - as it's not on Hex yet, is there a way to use it from GitHub already? Will I run into problems when switching to the Hex version?

[riverrun]

I'll update openmaize later today. I'll let you know when I've made the changes.

[riverrun]

Just updated hex package to version 2.0.0, which supports sessions by default.