I've successfully built an app that hits my custom API and sets a session cookie but I'd like a different workflow as I'm embedding my app within a site where the user will already be logged in.
I'd like to pass the cookie to the app via a param and then use it to hit my APi without having to create a username/passwork form - removing the need to log in twice. Is that possible?
In addition, I can't see any documentation anywhere to invalidate the cookie once set. Any tips on how to do that too?