"You'll be authenticated on any services which the user was logged in on when they committed the database"
Not to diminish the importance of the issue but the above statement assumes that "all authentication/session cookies for any and all web sites ever have no server-side expiration mechanism".
Biting the hand that feeds IT
