Sign in with Twitter and Security for a Zend Framework App

[Aaly]

I'm trying to replicate the functionality i've seen on a couple of sites:

• http://todaslistas.heroku.com
• http://endor.se

The idea is you sign up and log in with Twitter using Oauth. Once you have authed the app at twitter you then return to their site and they keep you logged in. In the case of each one they obviously base this on cookies as i can return to the site after closing my browser and i am still logged in. This seems inherently insecure, what are they doing here to maintain the login?I will be using Zend Framework but i guess that doesnt really matter.