Vendor 2 acknowledged the weakness, yet wrote us: "Session cookies are not a replacement for authentication tokens."

Vendor 2承认了这些缺陷，然后给我们写信说：“会话cookie不是一个可代替的认证标识。”

youdao

Keep-session-cookies saves the session cookies instead of keeping them in memory, which is useful on sites that require access to other pages.

keep - session - cookies保存会话cookie，而不是将它们留在内存中，这对于需要访问其他页面的站点比较有用。

youdao

The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.

这种打造的能力，像会话 cookie （或者更通俗地说，会话标识）源自于这些标识不是以安全的方式产生的事实。

youdao

Because the script is being run in the context of the trusted web site, it has access to cookies such as session tokens, as well as any other user information available within the security context of that web site.

FORBES: Security Firm F-Secure Has Security Flaw In Web Site

Before each session, the system cleared his computer of all browser data, including cookies.

WSJ: The Journal's Methodology for Testing Tracking on Apple's Safari Browser