Hi, this is not a question about security on my machine per se, but rather a more general one. I hope that this is the correct forum.

I was cleaning up my cookies like I regularly do (FF 2.0.0.11, Slackware-current, if that's of interest), when I noticed several cookies that as far as I can tell are from servers I almost exclusively connect to using https. Some even were of the form "secure0.websitename.com" .

My question I guess, is isn't it lax for a secure server to be leaving cookies on your machine? Have I been reading too many scare stories about cookies, or is it one of those "1½ factor security" or "security through insanity" systems they talk about at The DailyWTF.

There's no reason why you shouldn't have cookies from HTTPS sites. HTTPS is just HTTP tunnelled inside SSL. If a site requires the use of cookies in order to work right, it will almost certainly require them regardless of whether you use HTTP or HTTPS.

EDIT: Sorry, I think I had misunderstood your question. I think you were asking about HTTPS sites which don't clear their cookies when you log-out and stuff, right? In those cases, I think the danger really depends on the cookie - or more specifically - the information contained within it. There must also be server-side techniques to make things like cookie-theft hard to accomplish, as evidenced by a serious cookie problem Gmail had (and fixed) a while back.

Yes, That's what I was wondering, why they didn't clear their cookies when I log out. I could have stated it a bit more clearly. It's probably poor housekeeping, as you say. I suppose I will just have to check my cookies more regularly. Thanks for the reply.