Ajaxian posted this one and the attached document is worth a read. They have a good summary and if you read the document there is a recommended practice, but you should be aware of the shortcomings of other methods.
I’ll look, in the future, at how this affects the list of sites we are reviewing.
Download the article from Stanford Web Security