Yep, but I already store my darknet passwords in a text file on encrypted media, so the threat doesn't change except the cookie is like a temporary password. On the other hand, if the cookie can expire in as little as 12 hours, it may not be that good of a workaround. Thanks for the info, SS.