This is just a basic part of the underlying technology of the web browser, and it’s required for sites like Gmail, Yahoo!, and others to operate.
There are ways a site can avoid this problem (generally by constantly changing the login cookie data with EVERY response, and invalidating the old ones immediately), but they require more horsepower on the backend than the blogging sites are really able to provide, and there’s still usually a small window of opportunity.
Comment by – Morgan Schweers, CyberFOX! September 19, 2006 @ 1:24 pm
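The per-response cookie rotation described in the comment above, sketched as an added example that is not part of the original comment or of any site's real code. The `RotatingSessionStore` class, its method names, and the revoke-on-replay step are assumptions made for illustration; the sample user and tokens are constructed.

```python
import secrets

class RotatingSessionStore:
    """Issues a new login-cookie value on every response and retires the old one."""

    def __init__(self):
        self._current = {}   # live token -> user
        self._retired = {}   # spent token -> user, kept only to detect replays

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._current[token] = user
        return token

    def handle_request(self, token):
        """Return (user, next_token), or (None, None) if the token is rejected."""
        if token in self._retired:
            # A spent token came back, so two parties hold copies of the same
            # cookie. Assumption of this sketch: revoke all of that user's sessions.
            user = self._retired[token]
            for t in [t for t, u in self._current.items() if u == user]:
                del self._current[t]
            return None, None
        user = self._current.pop(token, None)
        if user is None:
            return None, None
        self._retired[token] = user            # old value is invalid immediately
        next_token = secrets.token_urlsafe(32)
        self._current[next_token] = user
        return user, next_token

def copied_cookie_used_late():
    """Owner's next request arrives first, so the copied cookie is already spent."""
    store = RotatingSessionStore()
    t0 = store.login("alice")
    owner, _t1 = store.handle_request(t0)      # rotates t0 -> t1
    copy_result = store.handle_request(t0)     # copied t0 replayed afterwards
    return owner, copy_result

def copied_cookie_used_early():
    """The small window: the copy is presented before the owner's next request."""
    store = RotatingSessionStore()
    t0 = store.login("alice")
    who, c1 = store.handle_request(t0)         # copy accepted, rotates t0 -> c1
    owner_result = store.handle_request(t0)    # owner's t0 is spent: replay detected
    copy_next = store.handle_request(c1)       # c1 was revoked by the replay check
    return who, owner_result, copy_next
```

The second function shows the remaining window the comment mentions: rotation alone cannot tell which holder of the cookie is legitimate, it can only notice that a spent value was reused and end the session for both.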
Other references that may be of interest:
Myspace security measure disables viral spread of widgets
Second Life – Urgent Security Announcement