I can change cookies at will it's like being a shapeshifter
If your signature algorithm is something home grown and not just like, RSA or something I could maybe even find a way to trick it and forge cookies without being revealed as an impersonator. By signing my own cookie.
That last sentence sounds like a dirty joke.
• from f4e7f44a7d623d20
It's just hash('sha224', $mail_cookie . $sig_secret), but DAMN, that's a good idea! Maybe in a future overhaul, things will become a little more interesting.