There is no need for the complex gorilla/sessions machinery for what
is basically a single cookie, so we switch to using
gorilla/securecookie directly.