That's why you should use SSL for anything like that. And signout as soon as done (regretfully some software doesn't invalidate cookies on signout, only overwrites on browser.)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/562/2108#2108