I see two issues here worth checking:

1. I don't recall SipHash being used as a MAC in
any IETF standard before. We normally use HMAC,
even if truncated. Why make this change and was
that checked with e.g. CFRG? (And the URL given
in the reference gets me a 404.)

2. Is it really a good idea to use a 32 bit seconds
since 1970-01-01 in 2020? I'd have thought that e.g.
a timestamp in hours since then or seconds since
some date in 2020 would be better.

Here's a couple of nits too:
- section 1: what's a "strong cookie"?
- "gallimaufry" - cute! but not sure it'll help readers to learn that word.