Hacker News new | past | comments | ask | show | jobs | submit login

Yup, they're one of our examples of a "good" setup. However, Google leaks iGoogle and some other things (Latitude, address book, reader, ...)

However they don't share the same session cookie for different service as far as I know (which they negotiate that through TLS protected link) Likewise they have also made several other services TLS only (e.g. calendar, docs)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact