Philip Mak [EMAIL PROTECTED] asked:
I have a general question about websites that use cookies to store session
information:
Why should they expire at all?
Let me give you an example. Yesterday, I was at Amtrak Rail's website to
purchase train tickets. Now, I multitask a lot, and
they expire so if you leave the computer and someone else comes into the
office/internet cafe/or even your computer at home, they won't be able to
reestablish your session.
some sites don't expire their cookies (well they do, but like in 4 years,
MSN being the worst).
- Original Message
And if you're on one of those systems that let's you log in once and
then add anything you like to your shopping cart (and purchase it,
since your account already has your credit card number), then you might
*want* it to log you out after just a few minutes if you get up for
another espresso and
It's not the cookie that's expiring, per se, but the server side
information that corresponds to the cookie. Indeed the fact that
the site could tell you that the session had expired indicates that
the cookie itself did not expire.
As to why they must/should expire, remember that system
