Closed
Hey 👋 ! Thanks for creating clearance. It looks like a breath of fresh air!
We're currently using devise and hoping to transition to clearance. Ideally, we'd like to automatically recognize existing devise sessions and then "migrate" them to clearance on-the-fly, so users won't even notice that we switched.
I can handle the devise deciphering of cookies/sessions to find out if a user is logged in, and then I guess we can use `sign_in(user)` in clearance to migrate. I have a couple of questions, however, in case anyone has some experience with this, or maybe just ideas on the best way to do this:
- Where is the best place to add this kind of on-the-fly migration code? Do we need a middleware for it? Or is there a way to inject it somewhere else early enough before the `require_login` kicks in? Also, the initial request after deploying the change will have no clearance cookies set yet...
- Is there a better/different way to transition from devise to clearance without logging everyone out?
- When digging into this I noticed that devise uses signed cookies for the `remember_user_token`, whereas clearance just uses a plaintext cookie. Is this secure enough? I imagine signing cookies can eliminate hitting the database / timing attacks via brute-forcing the remember token...
Would appreciate any thoughts / tips. Thank you!
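As an illustration of the signed-versus-plaintext cookie question raised in the last bullet, here is an added example (not part of the original post, and not code from Devise or Clearance). It uses a generic HMAC-SHA256 format; the key, the `USERS_BY_TOKEN` store and all method names are assumptions made for the sketch.

```ruby
require "openssl"
require "securerandom"

# Constructed key for the example; a real app would derive it from its app secret.
SIGNING_KEY = SecureRandom.bytes(32)

# Hypothetical stand-in for the users table, keyed by remember token (constructed data).
USERS_BY_TOKEN = { "constructed-remember-token-1" => "alice" }.freeze

# Cookie format used in this sketch: base64(value) + "." + hex HMAC of the base64 text.
def sign_cookie(value, key = SIGNING_KEY)
  payload = [value].pack("m0")
  "#{payload}.#{OpenSSL::HMAC.hexdigest('SHA256', key, payload)}"
end

# Compare two strings without returning early on the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the original value, or nil when the cookie is malformed or the MAC is wrong.
def verify_cookie(cookie, key = SIGNING_KEY)
  payload, sep, mac = cookie.to_s.rpartition(".")
  return nil if sep.empty? || payload.empty?
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, payload)
  return nil unless constant_time_equal?(mac, expected)
  payload.unpack1("m0").force_encoding(Encoding::UTF_8)
rescue ArgumentError
  nil
end

# Signed variant: returns [user, lookups]; a bad MAC is rejected with zero lookups.
def user_from_signed_cookie(cookie)
  token = verify_cookie(cookie)
  return [nil, 0] if token.nil?
  [USERS_BY_TOKEN[token], 1]
end

# Unsigned variant: any cookie value, valid or not, costs one lookup in the store.
def user_from_plain_cookie(cookie)
  [USERS_BY_TOKEN[cookie.to_s], 1]
end
```

With the signed variant, the token comparison that touches stored data only happens for cookies the server itself issued; the MAC check in front of it is constant-time and needs no database access.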