> However if we used something else than XDG_SESSION_COOKIE, like tagging > a process with a secret cookie that only privileged processes can > read/write it would provide real security. just use the kernel keyring infrastructure.. afaik that has per session cookies like this.