Yup, they're one of our examples of a "good" setup. However, Google leaks iGoogl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cdine on Oct 25, 2010 \| parent \| context \| favorite \| on: Firesheep: Easy HTTP session hijacking from within... Yup, they're one of our examples of a "good" setup. However, Google leaks iGoogle and some other things (Latitude, address book, reader, ...)

itsnotvalid on Oct 25, 2010 [–]

However they don't share the same session cookie for different service as far as I know (which they negotiate that through TLS protected link) Likewise they have also made several other services TLS only (e.g. calendar, docs)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact