If any Set-Cookie headers are sent in response to a request that contain an MST or JST, update the credential store automatically. Provide an option to write these new values out to a configuration file (not necessarily the same one the application was started with). Handle urlencoded MST and JST tokens in configuration files more gracefully (this isn't possible in general, but we can attempt to use decodeURIComponent on failure, try again if we get a different string back, and print a warning).

Three hours dungeon. Then... acceptable. Likely acceptable. Three hours no trials.

Acceptable. Potentially noisy during credential updates, but acceptable. Logging can be cleaned up later if needed. Acceptable.