Description
This would be more for developer convenience than anything else. If we run two servers on the same domain (e.g., on localhost) but different ports or proxy prefixes, the girderToken cookie ends up conflicting between the two. When switching between the two servers, some things peculiarly fail because the cookie auth from server A doesn't work on server B.
We want to use cookies for auth so that resources that don't use custom headers (like images) can have authentication. We could alternatively refactor so everything that currently uses cookie auth would take a token parameter, but that makes links less shareable between authenticated users.
This could be as simple as reading an optional environment variable in girder/api/rest.py and using it instead of our fixed string.
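The conflict and the proposed fix, as an added example that is not part of the original issue or of Girder's code: a toy browser cookie store keyed by host, path and name (cookies are not scoped by port) shows server B's cookie overwriting server A's, and a per-process cookie name read from the environment keeps them apart. The variable name `GIRDER_COOKIE_NAME`, the `BrowserJar` class and the token values are assumptions made for illustration.

```python
import os
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

DEFAULT_COOKIE_NAME = "girderToken"   # fixed name described in the issue
ENV_VAR = "GIRDER_COOKIE_NAME"        # hypothetical variable name (assumption)


def cookie_name(environ=os.environ):
    """Auth cookie name for this server process, optionally overridden."""
    name = environ.get(ENV_VAR, "").strip()
    if not name:
        return DEFAULT_COOKIE_NAME
    SimpleCookie()[name] = "probe"    # raises CookieError on an illegal name
    return name


class BrowserJar:
    """Toy cookie store keyed by (host, path, name); as in RFC 6265,
    the port is not part of the key."""

    def __init__(self):
        self._store = {}

    def receive(self, origin, set_cookie_header):
        host = urlsplit(origin).hostname
        for name, morsel in SimpleCookie(set_cookie_header).items():
            self._store[(host, morsel["path"] or "/", name)] = morsel.value

    def cookie_header(self, origin):
        host = urlsplit(origin).hostname
        return "; ".join(f"{n}={v}" for (h, _, n), v in self._store.items()
                         if h == host)


def token_seen_by_server_a(env_a, env_b):
    """Log in to A (port 8080), then B (port 9090), then revisit A."""
    jar = BrowserJar()
    jar.receive("http://localhost:8080", f"{cookie_name(env_a)}=tokenA; Path=/")
    jar.receive("http://localhost:9090", f"{cookie_name(env_b)}=tokenB; Path=/")
    sent = SimpleCookie(jar.cookie_header("http://localhost:8080"))
    morsel = sent.get(cookie_name(env_a))
    return morsel.value if morsel else None


if __name__ == "__main__":
    print(token_seen_by_server_a({}, {}))  # constructed tokens, same name
    print(token_seen_by_server_a({ENV_VAR: "girderTokenA"},
                                 {ENV_VAR: "girderTokenB"}))
```

With distinct names the browser still sends both cookies to both servers, so each server's token remains visible to the other process on the same host; the rename only stops one from overwriting the other.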