Cookies!
I love it, you love it, Google Loves it, Third Party Companies that steal your data love it as well!
Although I have worked with session based authentication before, I have always wondered how it works on a fundamental level.
Recently I came across a task where I had to access & use cookies to login to a site for "research purposes"
So Anyway!
I needed to load & change a website's cookies to sign into another session. That got me wondering how do cookies actually work.
I first had a cookies file saved from another session. Basically when I (the user) login each time from any device, it creates a session token. Think of session tokens like keys for your website. There's a lot of other stuff that's created like session_id , puid etc. What's important is that all these things function as a unique identifier so that only the specific user can access the website. Now if we want to login to this same session, we would simply need to:
- scrape the cookies from this session
- go to a different device or browser where another user is logged in.
- Then paste in the cookies from our previous session
- Finally refresh the site
- And Voila! we just logged into someone's account using their cookies! (Do Not Try This at Home and please don't mention my name if you do try)
I used the Cookie-Editor extension for this task.
- First I copied the cookie files from my previous session
- then went to the where I need to login
- Opened the cookie-editor & just pasted in the entire text from the cookie file of my previous session
Another important thing is the added safety of session-expiry. After some time cookies will expire & you will have to login again. This ensures no one else snoops into your account.
Now this blog isn't meant as a high-level overview, it's just something I found pretty interesting is all. So I made a short diagram for how cookie based authentication works as well!
I used Excalidraw for the diagramming.
Happy Coding!
Top comments (0)