have any implementations changed expresso to write a "digest" key instead of the password in the cookie? or do security-minded implementations just forbid cookies, removing the checkbox for "remember" in the login screen? larry