Tags: javascript, authentication, session-cookies, mozilla, browserid

Mozilla Persona/BrowserID email address and cookies


Sorry for the generic title. I'm playing around with Mozilla's Persona at the moment. I'm using Express.js with the express-persona middleware so setting everything up was incredibly simple. The client-side part is easy too, but I'm having a hard time understanding one particular part of the documentation. It says:

loggedInUser: The email address of the user currently logged into your site from this computer, or null if no one is logged in. For example, you might examine the browser's cookies to determine who is signed in. [...] Persona will compare the email address you've passed into loggedInUser with its own knowledge of whether a user is currently logged in, and who they are. If these don't match, it may automatically invoke onlogin or onlogout on page load. (Source)

express-persona sets a cookie which includes (I guess) the crypto-foo that acts as a password replacement. Am I supposed to store the email address returned by the backend in a separate cookie? That doesn't seem to be a very good idea. Maybe one of you guys knows how that's supposed to work.


Solution

You wouldn't store the email address in a cookie for Persona, any more than you'd store the username in a cookie for a password-driven login.

No, basically you do the same thing with Persona: Use a session, stored on your server, keyed from a cookie. The only difference is that your site went through the Persona auth process, instead of verifying a username + password.

The example on the page you linked to has a currentUser variable. Well, in a real web site, that variable would be filled in as a template from the server side. Do whatever you would do to support a login session, find the currently authenticated user, insert that user's email address.