Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: open
The cookie is saved on your PC with an expiry date weeks or months (or, if you are Google, years) away. Unlike session cookies, that cookie won't be deleted when you exit the browser.
The browser passes the cookie to the website each time it (the browser) accesses the site.
Your CGI programs on the website can then use the cookie to retrieve whatever stored info they have about the PC that has stored the cookie.
Lots more at:
Off to read the manual properly!
I *think* what starec means is that the persistent cookie will be around, and not very secure, on the user's PC for possibibly years.
If I can get hold of someone's cookie and copy it to my machine, I can access your site, and you think I'm them.
This is true too of session cookies, but they are around for not very long so the risk is reduced (unless you always serve the same cookie to the same userid, in which case they are as insecure as persistent cookies)