1. that’s one the reasons most secure website’s only use browser session based cookies for authentication… baking a persistent cookie can burn your fingers 🙂


  2. Even with session cookies you are vulnerable during browsing, and the attacker has an extra time window of about 20 minutes if you forget to sign out.

    Erik Oppedijk

Comments are closed.