2019-01-09 UTC
fr33domlover rialtate[m], hmmm what if key rotation occurs? i.e. that master key is changed once an hour or so? Generally in web apps AFAIK there may be a key used for encrypting session cookies, all clients of the web app have their cookies encrypted with that same key. Is that safe here too? To sign all relevant HTTP requests with the same key? (especially if it gets regenerated on a regular basis)