Send the http request with cookie

[hanweifish]

One question I had is in your app(angular) part, I did not see you manually send the cookie through each http request. Is that done by Passport automatically? Because what I did before is using interceptor to add the cookie in the header if I had the cookie stored.

Why I ask this question because I found now for my each request, I did not send any cookies in my header, and thus get new sessionid every time....

Anyway, very good tutorial. Thanks.

[joeeames]

Honestly I'm a little confused on this question. It's a default behavior for all browsers, that any request automatically includes all cookies for that domain. See this: http://stackoverflow.com/questions/1336126/does-every-web-request-send-the-browser-cookies

[hanweifish]

Sorry, I have one question, I just curious what's the best practice to do authentication again when refresh the page by using angular. All I did now in the app run, I just try to loginwithcookie (not password and username, just the conncet.sid) after refresh (the server will do the authentication depends on the cookie). I do not feel secure about this. Is that right? How better way to do this. And I do not want to put too much on the cookies. Or do you have any good reference about this? Thanks a lot.

[hanweifish]

one more thing, I use passport in node stack to authentication the user. Thanks.