Custom authentication recommendations

#1

Hi,
I have been reading through the documentation of both Couchbase Lite and Sync Gateway, specially about authenticating users. I found two different recommendations on how to return the cookies to the client.

From Sync gateway guide:
http://developer.couchbase.com/documentation/mobile/1.2/develop/guides/sync-gateway/administering-sync-gateway/authenticating-users/index.html

The app server adds a Set-Cookie: HTTP header to its response to the client, using the session cookie name and value received from the gateway

From Mobile guide
http://developer.couchbase.com/documentation/mobile/1.2/develop/guides/couchbase-lite/native-api/replication/index.html#custom-auth

The HTTP response body contains the credentials of the session. It is recommended to return the session details to the client application in the same form and to use the setCookie method on the replication object with the parameters:

Which one is the recommended way?

#2

The Set-Cookie header and the session_id property in the response body are set to the same value - you can use either.

Some HTTP clients will manage storage of the cookie value automatically based on the Set-Cookie header. The session id is duplicated in the request body to support clients that don’t do cookie management, or for scenarios where the application prefers to do manual processing.

#3

Thanks for the reply. Just as a suggestion, maybe the reasoning should be added somewhere in the documentation, or the wording could be improved specially in the part about returning it in the same form to client (and add the header).

Thanks again