From 2688ca04a500551fb562520a2cbef1b039cadd81 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Mon, 15 Feb 2021 04:02:10 -0500 Subject: [PATCH] clarify lack of persistent state for web sites --- static/features.html | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/static/features.html b/static/features.html index ea181abf..e70fd384 100644 --- a/static/features.html +++ b/static/features.html @@ -198,9 +198,10 @@ when sending mail including alert messages from the attestation service
  • SSHFP across all domains for pinning SSH keys
  • Static key pinning for our services in apps like Auditor
  • -
  • No cookies or similar client-side state for anything other than login sessions, - which are set up via SameSite=strict cookies and have server-side session tracking - with the ability to log out of other sessions
  • +
  • No persistent cookies or similar client-side state for anything other than + login sessions, which are set up via SameSite=strict cookies and have + server-side session tracking with the ability to log out of other + sessions
  • scrypt-based password hashing (likely Argon2 when the available implementations are more mature)
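Review bot: In the added list item, "persistent" sits only in front of "cookies", so it is unclear whether it also qualifies "similar client-side state", and the sentence no longer says whether non-persistent (session-scoped) cookies or other state are used outside login. If the intent is that nothing outlives the browser session except the login cookie, say so directly, for example "No persistent client-side state (cookies or similar) for anything other than login sessions", and state separately whether any session-only state is set for visitors who are not logged in. The new wording also reads as though the login cookie itself is persistent; if it is, its lifetime would be worth stating next to the SameSite=strict attribute so readers can judge the exposure of a stolen cookie against the server-side logout feature.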