the whole confirm_login and cookie handling needs to be
re-thought. if a user doen't have the cookies set, does a
query and logs in before buglist comes up, then the BUGLIST
cookie will be displayed to their screen.
confirm_login should probably be re-written to return an
array of cookies that the cgi's can deal with as they see
fit, rather than sending its own header and cookies out.
ok, it looks like cookie handling has finally reached a sane state. I
cannot find any code paths now that print cookie headers incorrectly.