Why is this bad? One reason is that it's sometimes possible for people to steal your logon information using what's called Cross-Site Scripting (XSS). I won't go into that here, but will share some simple mechanisms you can use to inspect cookies, and mess with them. (Nothing here is really new or revolutionary, but it was new to me, so I thought I'd share it...)
It turns out your web browser is capable of showing you the cookies for any page you're viewing: just paste
ASPSESSIONIDCCDSQTRS=DNCMEHMBIFCJIPMIOBJOMJIF
Now let's "inject" the logon information we stole (you can use your real CellarTracker information if you have an account). Type in the following in the address bar, replacing
;User=your username ";}
Note that there's a way to prevent all of the above: HTTP-Only cookies. This flag tells the web browser not to expose the cookie to the web page in any way (so no script access). Such cookies are still sent to the web site when you make requests, but malicious script code running in your browser can't see them or modify them...
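To check which of a site's cookies are still exposed to page script, you can audit its `Set-Cookie` response headers for the HttpOnly flag. The following is an added example, not code from the original post: the function names are hypothetical, and the header values are constructed samples that reuse the `ASPSESSIONID...` and `User` cookie names seen above.

```javascript
// Added example: audit Set-Cookie headers for the HttpOnly flag.
// All header values below are constructed for illustration.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? "" : first.slice(0, eq).trim();
  const value = eq === -1 ? first : first.slice(eq + 1).trim();
  // Attribute names are case-insensitive, so normalise them to lower case.
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name, value, attrs };
}

// Cookies set without HttpOnly: these are the ones page script can read.
function exposedCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c.name && !c.attrs.has("httponly"));
}

// Names of the cookies that script could read.
function scriptReadable(headers) {
  return exposedCookies(headers).map((c) => c.name);
}

// Roughly what document.cookie would show (path, domain, expiry ignored).
function visibleCookieString(headers) {
  return exposedCookies(headers).map((c) => `${c.name}=${c.value}`).join("; ");
}

const SAMPLE_HEADERS = [
  "ASPSESSIONIDCCDSQTRS=DNCMEHMBIFCJIPMIOBJOMJIF; path=/",
  "User=alice; path=/; HttpOnly",
  "Theme=httponly; path=/", // the word appears in the value, the flag is absent
  "Token=constructed-value; Path=/; httponly; Secure", // lower-case flag still counts
];

console.log(scriptReadable(SAMPLE_HEADERS));
console.log(visibleCookieString(SAMPLE_HEADERS));
```

Any cookie this reports that carries session or logon state is a candidate for the HttpOnly flag; a plain substring search for "httponly" would have wrongly passed the `Theme` cookie.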