[eluser]Iverson[/eluser]
[quote author="i_like_ponies" date="1237851550"]But if you can successfully cookie them (real cookie, not session based cookie which expires when browser is closed) then in theory the cookie id should be good enough.[/quote]
That's what I though, but actually, closing my browser after I start a session on the site keeps the session when I reopen it. Even keeping the browser open and opening a totally browser (not a tab) keeps the session.
[quote author="i_like_ponies" date="1237851550"]Course if people want to be malicious and/or clean their privacy data every time they close their browser, then you're kind of up a creek anyways.[/quote]
Yep. Oh well. The first thing you learn in security is that you can never have a 100% secure site. The only thing you can do is make it as hard as possible to be hacked
hut: