That’s not my Cookie!
Yesterday I fixed an eight-year-old security bug in my bespoke password vault.
After a user logs in, the server issues a new Cookie for them. It’s sure to restrict itself with Morsels like
max-age. The Python code looks like this: