this is the exact ISSUE !!!
YOU SCORE BONUS POINTS!!!

> Indeed, but surely the cookie information stored should be dependant on
> the user's authentication details? It makes sense to use semi-dynamic
> cookie information like this, making holes like this one a little more
> hard to 'gain and keep' access.
> 
> 
> > there is a [x] box..
> >
> > "Don't ask for my password for 2 weeks."
> >
> > this sets the users cookie. Gmail uses the cookie for authentication.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to