I am using the example files, which I set the options.tokenPersistence ot 'cookie'. Then I created a page named as aa.lp following the reference manual:

<title>Login</title> <% cgilua.enablesession () if not cgilua.authentication.username() then cgilua.redirect(cgilua.authentication.checkURL()) else -- continues with the application flow end %> dondoanfdafd

But the login fails, and the reason is there is no Set-Cookie in 302 redirection packet.