This is something you probably should have reported to pg (unless it was already fixed, of course. it seems to be now)

This kind of vulnerability makes it trivial to hijack someone's session. Of course you probably don't have any sensitive data on news.yc, but still...