Indeed, but surely the cookie information stored should be dependant on
the user's authentication details? It makes sense to use semi-dynamic
cookie information like this, making holes like this one a little more
hard to 'gain and keep' access.
there is a [x] box..
"Don't ask for my password for 2 weeks."
this sets the users cookie. Gmail uses the cookie for authentication.