Actix-web: Cookie auth example

added cookie-auth

@brandur i saw you use cookie auth in your project, would you use this if i add it to main actix-web?

@fafhrd91 Ah nice, that's really interesting.

I'd consider it (although given that I've already gotten identity storage in a cookie implemented/tested, converting would be relatively low priority). Overall though, I'd bring up two concerns:

1. I kind of like having direct control over the entire cookie primitive just in case I need to do some granular tweaking. For example, I haven't implemented this now, but I might put in some sort of "cookie secret rotation" scheme later that allows me to rotate my cookie secret while allowing my active users to have their cookies re-signed gracefully (so that they're not suddenly logged out).
2. I'd be a little careful bringing too much beyond core HTTP mechanics and some ergonomic niceties into actix-web. I think the project really shines right now in that it does a great job of providing those while also not trying to do _too_ much. You could easily imagine it being a platform that frameworks with higher-level abstractions could be built on top of.

Both your points makes sense. I just want to bring some core functionality to simplify basic usage until community grow a little :)

eventually I'd like to move most of middlewares to separate projects

Haha, sounds good :)

eventually I'd like to move most of middlewares to separate projects

+1 to this. It seems to be very much "the Rust way" to have lots of small packages. I think it would be awesome to see the core HTTP functionality stay in one actix-web crate, but to also have a readily available list of other related crates (and what they do) that can easily be plugged in to add more functionality.

all this plans are not defined yet. I need more people who can make decision on framework direction. at the moment I have to make all decisions myself :)

all this plans are not defined yet. I need more people who can make decision on framework direction. at the moment I have to make all decisions myself :)

Haha. Well I'm somewhat invested now, so definitely available for second opinions if you need them. I'm interested in trying my hand at some actix-web contributions too, but for the time being I'm prioritizing pushing forward on my own project for a little longer.