We now send a cookie if any of these conditions are met: (a) a cookie was used for authentication (b) a cookie was sent but not used for authentication, and the credentials used for authentication were the same as those in the cookie (c) the user asked to have a cookie sent and is not a guest user. Now whenever we're not sending a "real" cookie, we send a cookie with no user or key data that expires "one day ago".
Changed paths:
trunk/webwork-modperl/lib/WeBWorK/Authen.pm
trunk/webwork2/lib/WeBWorK/Authen.pm