Hacker News new | past | comments | ask | show | jobs | submit login

yeah I think the standard answer is "don't store credentials i the cookie". session key only and central session storage.

That works great when apps can find each other, talk directly to each other, or share storage.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact