Updated example #19
Updated example #19
Conversation
Ok, the example made me waste 10+ hours trying to figure why my login didn't work. Not all people understand 100% the library and the example is just plain wrong. The example used `secure: true` and copy-pasting it on a non-https site would fail to work always. Also, the **Options** doesn't include anything about **cookie secure**, so i updated the example to make it working and simple, and also updated **Options** to include `secure` defaults.
|
Ideally we want the example to show people how to do it correctly, since people unfortunately copy-paste into production. This is why the example has secure cookies and http-only cookies enabled. |
|
Ok but "secure" doesn't appear in Options. It's not documented! |
|
Sure, sure. The options given to |
|
Thanks for posting this comment, @felixsanz! I've now spent 5+ hours trying to figure out why |
|
+1 for this to be merged. I spent 2 hours trying to figure out what was wrong and decided to check the PR. :( As of using the secure as default. I think a lot of people will use proxies for that (proxypass, nginx or even heroku). I think secure should be false in the example. To mitigate the problem of people not being aware of secure:true for ssl connections we could add a comment stating about option and its requirement if using SSL directly. |
…nks to @felixsanz gist: secure cookies need https, docs didn't mention it
|
@felixsanz thank you. I had to manually merge this due to some conflicts. |
Ok, the example made me waste 10+ hours trying to figure why my login didn't work.
Not all people understand 100% the library and the example is just plain wrong. The example used
secure: trueand copy-pasting it on a non-https site would fail to work always. Also, the Options doesn't include anything about cookie secure, so i updated the example to make it working and simple, and also updated Options to includesecuredefaults.