I suppose cookie-based authentication is a server creating an id which is difficult to guess and sending it to the client in a cookie. The client would then send the id to the server in each request in a cookie. This also creates a session, I suppose.
Question 1 - Does CookieAuthenticator in Silhouette work like this? The CookieAuthenticatorSettings case class also allows defining the different properties of such a cookie.

    case class CookieAuthenticatorSettings(
      cookieName: String = "id",
      cookiePath: String = "/",
      cookieDomain: Option[String] = None,
      secureCookie: Boolean = true,
      httpOnlyCookie: Boolean = true,
      useFingerprinting: Boolean = true,
      cookieMaxAge: Option[FiniteDuration] = None,
      authenticatorIdleTimeout: Option[FiniteDuration] = None,
      authenticatorExpiry: FiniteDuration = 12 hours)

Question 2 - If cookie authentication creates a session, what is SessionAuthenticator and how does it work? How is it different from CookieAuthenticator?
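
The cookie mechanism described in the question, sketched as an added example (not part of the original post and not Silhouette's code). The `Settings` class mirrors the fields quoted above except `useFingerprinting`; `Authenticator`, `CookieAuthSketch` and the way the two timeouts are checked are assumptions made for illustration.

```scala
import java.security.SecureRandom
import java.time.Instant
import scala.concurrent.duration._

// Hypothetical simplified model; field names follow the settings quoted above.
final case class Settings(
  cookieName: String = "id",
  cookiePath: String = "/",
  cookieDomain: Option[String] = None,
  secureCookie: Boolean = true,
  httpOnlyCookie: Boolean = true,
  cookieMaxAge: Option[FiniteDuration] = None,
  authenticatorIdleTimeout: Option[FiniteDuration] = None,
  authenticatorExpiry: FiniteDuration = 12.hours)

// Server-side record looked up by the id the client sends back in the cookie.
final case class Authenticator(id: String, lastUsed: Instant, expires: Instant)

object CookieAuthSketch {
  private val rng = new SecureRandom()
  // 128 bits from a CSPRNG, hex-encoded: the "difficult to guess" id.
  def newId(): String = {
    val bytes = new Array[Byte](16)
    rng.nextBytes(bytes)
    bytes.map(b => f"${b & 0xff}%02x").mkString
  }
  def create(s: Settings, now: Instant): Authenticator =
    Authenticator(newId(), now, now.plusMillis(s.authenticatorExpiry.toMillis))
  // Valid only while neither the absolute expiry nor the idle timeout has passed.
  def isValid(a: Authenticator, s: Settings, now: Instant): Boolean = {
    val timedOut = s.authenticatorIdleTimeout.exists(t => !a.lastUsed.plusMillis(t.toMillis).isAfter(now))
    now.isBefore(a.expires) && !timedOut
  }
  // Set-Cookie header value carrying the id with the configured attributes.
  def setCookie(a: Authenticator, s: Settings): String =
    (Seq(s"${s.cookieName}=${a.id}", s"Path=${s.cookiePath}") ++
      s.cookieDomain.map(d => s"Domain=$d") ++
      s.cookieMaxAge.map(m => s"Max-Age=${m.toSeconds}") ++
      (if (s.secureCookie) Seq("Secure") else Nil) ++
      (if (s.httpOnlyCookie) Seq("HttpOnly") else Nil)).mkString("; ")

  def main(args: Array[String]): Unit = {
    val s = Settings(authenticatorIdleTimeout = Some(30.minutes)) // constructed sample
    val t0 = Instant.parse("2024-01-01T00:00:00Z") // constructed timestamp
    val a = create(s, t0)
    println(setCookie(a, s))
    println(isValid(a, s, t0.plusSeconds(600)))  // 10 min idle, inside the 30 min timeout
    println(isValid(a, s, t0.plusSeconds(3600))) // 60 min idle, past the 30 min timeout
  }
}
```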