Why aren’t persistence cookies locally stored in an encrypted state?

Çağlar Arlı

As far as I’m aware, persistence cookies are only encrypted in transit (HTTPS), but aren’t inherently encrypted while being stored locally on the user’s device.

Assuming a certain persistence cookie can be used to fully authenticate login, then if it is stolen, user impersonation is temporarily possible.

For obvious reasons, it is considered bad practice to locally store any passwords in plaintext.

Why is this not the case for persistence cookies, even if they are only temporary?