question about cookie authentication for eclair

[Thoragh]

I'm looking at taking #1437 and have an design question:

Should there be an separate username for cookie authentication, similar to Bitcoins ___COOKIE___?
Or without username and compare each RPC request against both the cookie password and the user configured eclair.api.password?

[t-bast]

I think cookie and user/password should be exclusive, like what bitcoind does.
If you turn on cookie auth, that automatically disables the user/password auth.

I would mimick what bitcoin core does (___COOKIE___ username and random password), so that it doesn't create friction for people used to that kind of authentication.