Tornado version 1.0 suffers from an insecure cookie vulnerability.
0d209d823b9e5a58b60ee50b656f89fe4063aedbe562d954f442f3b665389f76
web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.
ee2dc2d011a705d23606558d2a5af6c6a4bbf9a22dfdf2f4a9697f1c61fde09f