It only supports verifying the password over https now. Use it instead of manually setting the 'password' cookie because it allows to check if the password is correct.