On Mar 7, 2006, at 5:05 PM, Mike Orr wrote:

> TG signs the auth cookie cryptographically to prevent
> session hijack; I don't think Quixote does.

Can you explain how this provides additional security?