[z8000]

1. Rails already makes things very easy. 2. The improvement was for something that (yes, subjectively) did not look overly burdensome to begin with.

[tptacek]

Cookies with MACs did in fact get substantially easier, that was in fact a feature people regularly screwed up, and the fact that you have to manually arrange to expire user-based cookies when passwords change is a sign that there's still work left to be done.

The more of this functionality Rails takes over and stops leaving up to developers, the happier I'll be.