cosign is a Web single sign on system that allows users to authenticate once per session and access any protected Web resources at the institution. If used, passwords are sent only to a single, central URL. Sessions have both idle and hard timeouts, and users can logout of all protected services by visiting a single URL.