For extra security, the website should generate an extra nonce to go with the current time; otherwise there's a window where the signature could be reused to log in again (maybe to another site).
A signature cannot be reused. It's only good for 60 seconds and once used may never be re-used because I do not allow that. Register for an account and try to submit the same signature more than once.
I understand replay attacks. I don't allow that to happen.
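The two designs discussed above, side by side, as an added example that is not part of either post or of the site's own code: a per-site replay cache over a signed timestamp, and a server-issued nonce bound to the site's origin. HMAC stands in for the user's public-key signature so the block runs on the standard library alone; the class names, key, and origins are constructed for illustration.

```python
import hashlib
import hmac
import secrets

WINDOW = 60  # seconds a signed login stays valid, as stated in the thread
USER_KEY = b"constructed-demo-key"  # constructed; stands in for the user's signing key


def sign(message: str) -> str:
    # Assumption: HMAC replaces the real public-key signature to stay stdlib-only.
    return hmac.new(USER_KEY, message.encode(), hashlib.sha256).hexdigest()


def valid(message: str, sig: str) -> bool:
    return hmac.compare_digest(sign(message).encode(), sig.encode())


class TimeOnlySite:
    """Accepts a signed timestamp once within WINDOW; the replay cache is local."""

    def __init__(self):
        self.seen = {}  # signature -> last second at which it would still verify

    def login(self, ts: int, sig: str, now: int) -> bool:
        # Keep entries through their final valid second so a replay at the edge fails.
        self.seen = {s: exp for s, exp in self.seen.items() if exp >= now}
        if not valid(str(ts), sig) or abs(now - ts) > WINDOW or sig in self.seen:
            return False
        self.seen[sig] = ts + WINDOW
        return True


class NonceSite:
    """Issues a one-time nonce per attempt; the signed message names site and nonce."""

    def __init__(self, origin: str):
        self.origin = origin
        self.pending = {}  # nonce -> expiry time

    def challenge(self, now: int) -> str:
        self.pending = {n: e for n, e in self.pending.items() if e >= now}
        nonce = secrets.token_hex(16)
        self.pending[nonce] = now + WINDOW
        return nonce

    def login(self, nonce: str, sig: str, now: int) -> bool:
        expiry = self.pending.pop(nonce, None)  # consumed on first use, valid or not
        if expiry is None or now > expiry:
            return False
        return valid(f"{self.origin}|{nonce}", sig)
```

The single-use cache stops reuse on the site that holds it; only the origin-bound nonce also fails on a second site that accepts the same key.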