>Am I missing something? Again, why not a random cookie value each time?? Cookies, as rumored, are not secure. The unique part of the nonce must be stored in the database.