* shortly after dialog is spawned, we remove the four random chars in the fragment (aesthetic)
* fix bug where session duration had an upper bound of 7 days - the time the server was running: #310
* fix bug where a user could go longer than 1 week without re-authenticating: #309
train-2011.09.22:
* migrate to browserid signed certificates rather than keypairs where browserid hosts the public key: https://github.com/mozilla/browserid/issues?milestone=6
