
Gmail cookie vulnerability exposes user's privacy - gibsonf1
http://www.news.com/Gmail-cookie-vulnerability-exposes-users-privacy/2100-1002_3-6210353.html?tag=nefd.pop
======
cstejerean
Correct me if I'm wrong but I don't think the 2 year cookie policy affects
GMail. I remember being prompted for a password every so often even if I tell
Google to keep me signed in. I'm guessing the 2 year cookie is for correlating
search results. And even if the cookie itself has an expiration 2 years in the
future doesn't mean that GMail will accept that session ID.

Can anyone confirm whether or not you can stay logged in to GMail for 2 years
using just a cookie?

------
chaostheory
If I was a malicious coder, I'd rather go for Yahoo Mail than Gmail (they have
a cookie that lasts for 2 weeks).

Based on my experience working for a spammer (long story I was mislead about
the company), Gmail is the ignored red headed step child. The main focus was
on Hotmail and Yahoo.

This is probably due to Gmail still not being a leader in web mail, and just
having proportionately less click through rates (percentage wise) than Yahoo
or Hotmail (Hotmail was the best in both). My guess is that this is either due
to google having a better spam filter or smarter people use gmail.

