-*- mode: text; mode: visual-line -*-

Perhaps we could add an optional argument to startServer(), something like

	startServer(AuthorizationCookie => "askdfhkjhaksdjhfalsdfjahsdfkjahsdlfuweyrhiwehkajsdhf")

then the server could insist that connecting clients know the cookie, adding a bit of security.

Channeling everything through the program "openssl", which seems to be on most machines, would make it totally secure, and prevent eavesdroppers from seeing the cookie.

Alternatively, each cookie could be valid for only a single use by a single client (mark it used as soon as it's received!), and the server could be started with a function that provides a stream of cookies, the sort of stream where the next cookie cannot be deduced from the previous ones.

A function that accepts a large integer and produces from it a secure stream of cookies might be generally useful.

Hmm, what if a client generates a cookie, never manages to send it to the server, then generates another cookie and sends it to the server.  Hmm, maybe we have to generate a set of cookies, rather than a stream...
