Sites sometimes include cookies that are used to "remember" the user, long after their session expires. Such cookies are frequently insecure, allowing them to be forged or stolen.