jasonadamyoung
commented
6 years ago Turns out the cookies were permanent already. And the token urls are ugly.
Let's just:
- sign the cookies
- pull the form/location check into the controller and not javascript
One mitigation for cookie loss would be writing a token to registration urls that uniquely identify a registered participant and maintain their apparent registration for an event.