Great post! I still think this should be way easier. Forwarded to the team for triage.

Interesting article. I think there are some issues with the implementation: 1. The value should contain a created date and the impl. should use this to check for expired sessions 2. I guess it would be better to encode the value base64 to avoid problems with special chars