Support deferring session cookie creation until data added

[jonahsnider]

The @adonisjs/session middleware will set the session cookie for all incoming requests. I would like a way to alter this behavior to only set the session ID cookie once data is added with .put() (ex. after signing in). This should be opt-in, to avoid breaking existing behavior.

The use case for me is that my frontend can check if a user is authed by checking for presence of the adonisjs-session cookie, instead of making a request to the backend to check if the session is authed.

[thetutlage]

I think you are using the wrong data point to find if the user is logged-in or not. Sessions and user auth are not the same thing. For example, a session will be/can be created for multiple other reasons. For example: If your app uses flash messages, or it writes something to the store, then also a session is persisted.

A better way will be to let your frontend app hit once the backend endpoint and get the user info. And then you can check for 401 status code in your API responses. If there is a 401, you can redirect the user to the login page.

[jonahsnider]

That's fair. I think I'll add a separate cookie specifically to track if the user was authed. The frontend app currently does a request to the backend to check auth status, but the latency of that request can be fairly slow for whatever reason. Trying to reduce that render bottleneck is what led me down this path of avoiding the need to ping the backend at all for this page render flow.