It (still) seems odd that CookieAuthority deals with both MirCookies and with pairs of timestamp and MAC. Surely a /cookie/ authority should deal with Cookies? Would it not make more sense as:
auto make_cookie(Timestamp t) -> unique_ptr<MirCookie>
auto authenticated_timestamp(MirCookie const& c) -> Timestamp
Having clients aware of the MAC seems like a leaky abstraction
[Just comment]
It (still) seems odd that CookieAuthority deals with both MirCookies and with pairs of timestamp and MAC. Surely a /cookie/ authority should deal with Cookies? Would it not make more sense as:
auto make_cookie( Timestamp t) -> unique_ ptr<MirCookie>
auto authenticated_ timestamp( MirCookie const& c) -> Timestamp
Having clients aware of the MAC seems like a leaky abstraction