jupyter-xblock

Mother of a thousand headches, Edx with good reason implements a scheme where by sessionid cookie data is caught by the middleware and cryptographically bound and timestamped, accesses to the sessionid after this will return the 'safe session cookie data', but this cannot be used for making authenticated calls to their oauth api. Instead I got around this by pulling out the entire Cookie header from the request META. I'm not entirely sure this is in the spirit of what they want achieve with safe cookie data. So I need to address this with them on Google forums to make sure I'm not creating security holes through the jupyter xblock