Matasano Security LLC - Chargen - If You're Typing The Letters A-E-S Into Your Code, You're Doing It Wrong - interesting article (even if in a somewhat strange presentation form) about typical problems with the use of cryptography for SSO in web systems. Simply "I encrypt the cookie and then everything is fine" just doesn't cut it ...