this is the exact ISSUE !!! YOU SCORE BONUS POINTS!!!
> Indeed, but surely the cookie information stored should be dependant on > the user's authentication details? It makes sense to use semi-dynamic > cookie information like this, making holes like this one a little more > hard to 'gain and keep' access. > > > > there is a [x] box.. > > > > "Don't ask for my password for 2 weeks." > > > > this sets the users cookie. Gmail uses the cookie for authentication. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
