add /code_update handlers to all servers to allow unpriviled users with localhost access on the machine to shut them down with an http request (for code update)

during sync emails, we only sync issued identities for now, manually set issuer to the one and only secondary (eyedee.me)

if the user comes into the ip with a valid cookie pointing to an unknown email address, purge the cookie.  this happens upon database purge

in source urls are now all (interim == eyedee.me) live, the test harness subs in testing urls & hostnames

a little wrapper file to run the implementation provider/secondary thingy standalone outside of the test harness

generate a persistent secret for cookie encryption at first server run.  still in pursuit of zero-config and as stateless as possible.

another patch to cookie-sessions.  don't bring the server down when a bad cookie is detected.  just ignore it

fix boogs: now running on firefox.  deal with the strange session preservation properties of the navigator object, and lockdown the jschannel so that include.js only speaks to its intended audience

move to encrypted cookies for persistent auth with the IP, fix several usability bugs related to the abscense of this