I would add:

Solutions:
1. The session associated with the 'orkut_state' cookie must expire at the server side when the user logs out.
2. The session associated with the 'orkut_state' cookie must be disabled temporarily when a user fails authentication during a session. The session should be enabled only after the user successfully authenticates himself.

Prevention:
1. A user logged into Orkut should not run any untrusted JavaScript or program, to prevent the cookie from being stolen.
2. On a shared system, the user must log out of Orkut by clicking the "Logout" link. This deletes the session cookies at the browser, so another user cannot read the cookie value from the browser. Alternatively, the cookie can be removed from the browser.
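As an added example (not code from the original post or from Orkut), the two server-side solutions above in a small Python session store: logout removes the session at the server, and a failed re-authentication disables the session until a later success. The credential table, `check_password`, `SessionStore` and the user "alice" are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed demo credential table (user -> SHA-256 of password); a real
# service would use a slow, salted password hash instead.
_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

def check_password(user: str, password: str) -> bool:
    stored = _USERS.get(user)
    if stored is None:
        return False
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(stored, digest)

@dataclass
class Session:
    user: str
    active: bool = True  # False while a failed re-authentication has disabled it

class SessionStore:
    """Server-side session table keyed by the opaque value stored in the cookie."""
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, password: str) -> Optional[str]:
        if not check_password(user, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user=user)
        return token

    def logout(self, token: str) -> None:
        # Solution 1: the server forgets the session, so a surviving cookie value is useless.
        self._sessions.pop(token, None)

    def reauthenticate(self, token: str, password: str) -> bool:
        s = self._sessions.get(token)
        if s is None:
            return False
        if check_password(s.user, password):
            s.active = True   # re-enable only after a successful check
            return True
        s.active = False      # Solution 2: a failed attempt disables the session
        return False

    def authorize(self, token: str) -> Optional[str]:
        # The user for an active session; None if unknown, logged out, or disabled.
        s = self._sessions.get(token)
        return s.user if s is not None and s.active else None
```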