Cookies

Posted on Apr 17, 2025

To be fair, I decided to go down this rabbit hole because I was anal about my user flow and wouldn’t budge. It started with building a session-based authentication mechanism for users of the FIFAWall app. Given that I started building it out for myself and my immediate circle of friends only, I wanted the onboarding/sign up/login flow to be as frictionless as possible, if ever I decided to market and extend it beyond my immediate circle. Nobody in their right mind was going to give me their social login to sign up and post screenshots of their FIFA matches.

Frictionless as in a user shouldn’t really have to sign up or log in. I wanted more and more folks to try it out. All I expect is that the app should be opened on a mobile device in a non-private window. I should be able to maintain a session-based authentication and name-based identification mechanism, primarily to differentiate anonymous and known users (this branches into different user flows downstream).

Through the painstaking process of reasoning with an LLM, I discovered that modern browsers like Safari and Chrome end up cleaning up/deleting cookies that your application might have set, even against your explicit instructions to not do so (by setting session cookie expiry). Having already built and released a beta version, I tried prompting my way to fixing the erstwhile methodology of using a session cookie to identify users. I ended up trying multiple approaches across 3 or 4 coding sessions, only to succeed today when I ended up aligning on using a remember me token stored in local storage to guard against cookies getting expired or, worse, deleted.

I was also surprised that I was able to guide the LLM today without much deviation. Once, the LLM even admitted that it had complicated an approach that didn’t need to be complicated and should’ve just extended the current implementation. I am jotting that down as a personal win!