It would be nice if the user could be logged of as well.
Maybe using a method on the UserPass type.

Because we create a new instance of the Config struct, a new configuration context is created ignoring the existing configuration context.

So if the user changes the cookie identifier key with for example an environment variabele the change won't be included in the lookup of the config variable

With the introduction of private cookies in Rocket 0.3.0 the project removed the FromCookie trait that allowed users to create their own mechanism of storing cookies.

However, there are some use cases in which the user would want to have additional validation of the cookiestring aside of the validation that rocket provides.

This issue is created to invistigate this and to track the progress made on that.

At the moment the authenticator isn't used in case of a failed login so it makes little sense to let types that implement the Authenticator trait return a reference to themselves when the login has failed.

This makes even less sense if you consider that the authenticator must be able to return a User type and thus must embed that within, but if the authentication failed such type cannot always be constructed.

Thus I propose to let the function return something else for the Error variant of the result.

At the moment the incoming fields of the form are not decodef properly.
They still contain url encoded versions of their characters, because of this login with a special token (like an @) will fail.