#ZegnatBut how would you “decode” the cookie? You’d either need some shared back-end storage, or go stateless. For stateless there either needs to be a public/private key thing set-up or login.indieweb.org needs another API you can call to check the cookie.