Beyond that, though, I've had to hack a fair bit to get "remember me" working (following the practices suggested at http://stackoverflow.com/questions/549/the-definitive-guide-... and http://fishbowl.pastiche.org/2004/01/19/persistent_login_coo...), so not exactly straightforward. (Aside: the remember me example for passport local might not be production ready, see http://stackoverflow.com/questions/16136712/is-an-authtoken-...)
Also would love to hear what others are using!