X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/chopwood/blobdiff_plain/40c5485b01a84b8a6b83f0e63576039cb856a36c..3cf8e1b7955599378bff9089cd66f50654c5cb12:/cookies.fhtml

diff --git a/cookies.fhtml b/cookies.fhtml
index f8862b3..58b725e 100644
--- a/cookies.fhtml
+++ b/cookies.fhtml
@@ -59,9 +59,9 @@ message whenever you hit the reload button.
 <p>If you actually look at the cookie, you find that it looks something like
 this:
 <blockquote>
-  <tt>1357322139.HFsD16dOh1jjdhXdO%24gkjQ.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
+  <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
 </blockquote>
-(Did I say something about long and ugly?)  It consists of four pieces
+(Did I say something about long and ugly?)  It consists of three pieces
 separated by dots &lsquo;<tt>.</tt>&rsquo;.
 
 <dl>
@@ -70,13 +70,6 @@ separated by dots &lsquo;<tt>.</tt>&rsquo;.
 seconds since 1974&ndash;01&ndash;01 00:00:00 UTC (or what would have been
 that if UTC had existed back then in its current form).
 
-<dt>Nonce
-<dd>This is just a random string.  When you change a password, the server
-checks that the request includes a copy of this nonce, as a protection
-against
-<a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery"><em>cross-site
-request forgery</em></a> attacks.
-
 <dt>Tag
 <dd>This is a cryptographic check that the other parts of the token
 haven&rsquo;t been modfied by an attacker.