Random Cookie and Hacking
18 years 9 months ago #13217
by jwj
Replied by jwj on topic Re: Random Cookie and Hacking
How would someone's login credentials to their bank account web site not be personal information? And why would it ever be needed without their permission? I'm just trying to understand your position.
-Jeremy-
18 years 9 months ago #13275
by MaXiMuS
Replied by MaXiMuS on topic Re: Random Cookie and Hacking
I think cyberoidx just did not phrase his reply correctly. What he probably means is that cookies may contain a lot of private/personal information (session IDs, authentication credentials etc.) which, if shared, could be misused.
Online banking sites do not generally store the username or password of the user in the cookie (at least I am yet to come across any such implementation for a banking website). They may or may not have a good session id implementation; however, it is still not that simple to take over a user's account, as additional controls may also be in place.
Additional controls:
Browser instance, IP address, Page IDs
In some cases, for a user to access the website as another user with the help of a stolen session id, he may need to have a valid account as well.
And yes, the cookies which are retrievable after sharing the entire drive are "persistent cookies", i.e. the ones which are stored on the hard disk. Another type are the "non-persistent cookies", or the ones which are stored in RAM. These cookies are deleted as soon as the browser instance used to access the website is closed.
As a best practice (OWASP), sensitive information should be stored in non-persistent cookies.
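Added example, not from the thread or any poster: a minimal server-side session handler in Python that shows the two points above, issuing a non-persistent session cookie (no Expires/Max-Age, so the browser keeps it only in memory) and binding the session to the client's IP address and browser so that a copied session id presented from elsewhere is rejected. The in-memory store, the `SESSIONID` cookie name and the helper names are assumptions for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Constructed in-memory store: session id -> attributes bound at login.
SESSIONS = {}


def create_session(username, client_ip, user_agent):
    """Issue an unpredictable session id and bind it to the client's IP and browser."""
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not a guessable counter
    SESSIONS[sid] = {"user": username, "ip": client_ip, "ua": user_agent,
                     "created": time.time()}
    return sid


def session_cookie_header(sid, persistent=False):
    """Build the Set-Cookie value for the session id.

    Without Expires/Max-Age the cookie is non-persistent: the browser holds it
    in memory only and discards it when the browser instance closes, so it is
    never written to disk where a shared drive would expose it.
    """
    c = SimpleCookie()
    c["SESSIONID"] = sid
    c["SESSIONID"]["httponly"] = True  # not readable by page scripts
    c["SESSIONID"]["secure"] = True    # only sent over HTTPS
    c["SESSIONID"]["path"] = "/"
    if persistent:
        # Max-Age makes it a persistent cookie stored on the hard disk (30 days here).
        c["SESSIONID"]["max-age"] = 30 * 24 * 3600
    return c.output(header="").strip()


def lookup_session(sid, client_ip, user_agent):
    """Return the user for a valid session, or None.

    A session id presented from a different IP or browser than the one it was
    issued to is treated as invalid: this is the 'additional control' that stops
    a copied id from simply taking over the account.
    """
    s = SESSIONS.get(sid)
    if s is None:
        return None
    if s["ip"] != client_ip or s["ua"] != user_agent:
        return None
    return s["user"]
```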