This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files.
- add identity information to the index page - let the session expire when the token expires
