- Add
ClearCookieto the examples, like forpermissions2andpermissionbolt - Use the anti timing-attack from martini-contrib/auth/.
- Look into supporting HTTP basic auth, but only for some paths (see xyproto/scoreserver)
- Use a more international selection of letters when validating usernames (in
userstate.go)