Code review comment for lp:~deryck/launchpad/field-visibility-persistence-891780

The server would set whatever the js code passed in, though. And yeah, maybe it's not worth worrying about. It just feels wrong to me.

I'm not opposed to having a single cookie that client code can write to via an API; just not sure if it should be the same one as the session cookie. And if it's not the session one, then it feels the long way around to have an API to set a cookie. :)

Again, I'll concede I may be overly paranoid here.