I have been reading through the documentation of both Couchbase Lite and Sync Gateway, specially about authenticating users. I found two different recommendations on how to return the cookies to the client.
The app server adds a Set-Cookie: HTTP header to its response to the client, using the session cookie name and value received from the gateway
The HTTP response body contains the credentials of the session. It is recommended to return the session details to the client application in the same form and to use the setCookie method on the replication object with the parameters:
Which one is the recommended way?