Jeff, doesn't the current sessionID in cherrypy use sha1 already? Here's the code snippet from the sessionfilter:
def generateSessionID():
""" Return a new sessionID """
return sha.new('%s' % random.random()).hexdigest()
Given that you do this:
self._secretToken= sha.new(str(time.time())).hexdigest()
I'm still not sure why you decided to create a separate cookie for
identity.
