
I would remain suspicious if there was any identifying or unique information in cookies after logout. Ideally, logout should delete all cookies.



I already pointed out that HN leaves a cookie behind in another comment, so here's a different tack: is there a site on the first page of http://www.alexa.com/topsites that actually leaves no cookies behind when you log out?

A major faux pas like leaving your uid in the clear in the cookie after logout certainly seems to bother us, but I don't think users (even savvy users) care about leaving some cookies behind. For the record, I've installed various opt-out browser extensions in the past (only to switch computers/browsers and forget to bring them along)--I don't think my views are pro-cookie or even moderate.


> I don't think users (even savvy users) care about leaving some cookies behind.

In most contexts, that is true. A Slashdot cookie is just a line in a text file until you visit Slashdot. But a Facebook cookie is sent home every time you visit a page with any FB spam on it.

The mysql.com malware is trivial. Hitting Facebook would get most everyone, users and not.



