I'm trying to get an auth system using hapijs + secure cookies.
in my auth handler I'm setting 2 cookies:
h.state("idToken", JWT.token, optionsObject);
h.state("refreshToken", refreshToken.token, optionsObject);
return h;
This is working because both cookies are being set, but the weird part is that "refreshToken" is being encrypted while "idToken" no, and both calls to state use the same options object(the only difference is ttl value).
Tokens both are valid JWT strings, encoded using the same function with the only difference being the size of the payload and because of that the length of those tokens.
have any of you seen something like this?
Thanks in advance.
Encryption could be done using the options object, passing "encoding" and "password" values.
so to do it globally for a specific cookie you can do the following:
server.state('cookieName', {
encoding: 'iron',
password: 'some secure at least 32-byte length key'
});
or in your handler using:
h.state('cookieName', {
encoding: 'iron',
password: 'some secure at least 32-byte length key'
});