<p>If you actually look at the cookie, you find that it looks something like
this:
<blockquote>
- <tt>1357322139.HFsD16dOh1jjdhXdO%24gkjQ.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
+ <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
</blockquote>
-(Did I say something about long and ugly?) It consists of four pieces
+(Did I say something about long and ugly?) It consists of three pieces
separated by dots ‘<tt>.</tt>’.
<dl>
seconds since 1974–01–01 00:00:00 UTC (or what would have been
that if UTC had existed back then in its current form).
-<dt>Nonce
-<dd>This is just a random string. When you change a password, the server
-checks that the request includes a copy of this nonce, as a protection
-against
-<a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery"><em>cross-site
-request forgery</em></a> attacks.
-
<dt>Tag
<dd>This is a cryptographic check that the other parts of the token
haven’t been modfied by an attacker.