From google :
For example, we use cookies called ‘SID’ and ‘HSID’ which contain digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time. The combination of these two cookies allows us to block many types of attack, such as attempts to steal the content of forms that you complete on web pages.
I don't really understand the last sentence . How keeping the account ID protects from attacks ? Isn't it the other way round ? Like the user should have to sign in every time for the service to be 100% secure ?
One must understand the purpose of cookies. It is true that for best security, you have to sign in every time... but by that you mean every time you go to the website, not every time you click on a link, view a new page or click a navigation button. Clearly you don't want to sign in on each new page!
That's what the cookies do. They "remember" your login information when going between pages. In Google's case, the two cookies uniquely identify a particular "session" or "sign in" (Google account used and sign in time) and are stored only on the computer that you performed that sign-in from. So you can access multiple pages and Google knows it is you, but since nobody else posesses those precise cookies, they can't impersonate you.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With