<h2>What do you need this cookie for?</h2>
-<p>The cookie contains a token which tells the server that you've logged in
-properly. We could have chosen to use a hidden form field to carry this
-token about, but that causes other trouble.
+<p>The cookie contains a token which tells the server that you’ve
+logged in properly. We could have chosen to use a hidden form field to
+carry this token about, but that causes other trouble.
<p>For example, if we used <b>GET</b> requests then the token would appear as
part of a URL, where it would end up being written in the location bar of
is kind of long and ugly.
<p>We could avoid this problem by using <b>POST</b> requests everywhere, but
-that causes other trouble. In particular, you'd get that annoying
+that causes other trouble. In particular, you’d get that annoying
<blockquote>
The page that you’re looking for used information that you
entered. Returning to hat page might cause any action that you took to be
</blockquote>
message whenever you hit the reload button.
-<h2>What's in this cookie?</h2>
+<h2>What’s in this cookie?</h2>
<p>If you actually look at the cookie, you find that it looks something like
this:
<dd>This is just a random string. When you change a password, the server
checks that the request includes a copy of this nonce, as a protection
against
-<a href='http://en.wikipedia.org/wiki/Cross-site_request_forgery'><em>cross-site
+<a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery"><em>cross-site
request forgery</em></a> attacks.
<dt>Tag
-<dd>This is a cryptographic check that the other parts of the token haven't
-been modfied by an attacker.
+<dd>This is a cryptographic check that the other parts of the token
+haven’t been modfied by an attacker.
<dt>User name
<dd>Your user name, in plain text.
</dl>
-<h2>How do I know you're not using this as part of some hideous behavioural
-advertising scheme?</h2>
+<h2>How do I know you’re not using this as part of some hideous
+behavioural advertising scheme?</h2>
-<p>That's tricky. I could tell you that this program is
-<a href='http://www.gnu.org/philosophy/free-sw.html'>free software</a>, and
+<p>That’s tricky. I could tell you that this program is
+<a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and
that you can
<a href="~={script}H/~={package}H-~={version}H.tar.gz">">download its
source code</a> and check for yourself.
-<p>That's true, except that it shouldn't do much to convince you that this
-server is actually running the code it claims to be. And anyway, Chopwood
-itself represents only one of many bits of software which could be keeping
-track of you somehow through this cookie.
+<p>That’s true, except that it shouldn’t do much to convince
+you that this server is actually running the code it claims to be. And
+anyway, Chopwood itself represents only one of many bits of software
+which could be keeping track of you somehow through this cookie.
<p>So, really, it comes down to trust. Sorry.