Forum OpenACS Q&A: Response to Ben's scary authentication bug.

The financial sites I've used (maybe 2-3) have what I used to think was an annoyingly fast expiration of authentication cookies (only a minute or two).  Now I can see that I'm glad they do that.  Even so, this doesn't completely eliminate the problem by itself.  They do all also have a "sign out" (similar to the ACS "Logout" link) button, which I assume wipes out the cookie completely.