From a developers point of view, this could be a problem. Often times there might be more than one cookie set for a user for a specific site, for whatever reason. It’s assumed the cookies are set by the site, not passed about. Of course you’d have security in place against spoofed cookies, but I could see potential weird behavior when someone else is using a cookie the site set on another machine.
And in general…my chest just kept constricting the more I read the authors description.
This stores EVERYONES cookies in one place, this persons server. They didn’t disclose how he encrypted them, but even if they did everything right, what if there is some accidental logging, or something? There are just too many possibilities where this could go horribly wrong.
This is basically storing your credentials on another persons server, and trusting they are managing things correctly. The only company I’d do that with is 1password, and that’s because they are insane about security.