eh, depending on what you're storing couldn't it hit the RFC cookie
limit pretty easily?
The only piece of data you would need is the user id. Everything else
can be deduced from that.
i suppose it has some sort of key and expiry in it so people can't
spoof alternate expiry times etc.
Not really sure, haven't used it in production and I'm not working
with rails at the moment. You make a good point thou, you probably
need two things, the user id, and an expiry time encoded in the