Test of using a stolen cookie
Bypassing authentication and impersonating another user by using a stolen cookie
<?php
// Resume the session identified by the PHPSESSID cookie sent with the request
session_start();
echo "PHPSESSID=" . session_id() . "\n";
/*
if (isset($_SESSION['loggedin']) && $_SESSION['username'] !== '') {
    echo "Username: " . $_SESSION['username'] . "\n";
    echo "Logged in: " . $_SESSION['loggedin'] . "\n";
}
else {
    echo "session variables expired";
}
*/
// If a session parameter is not set, fall back to: 'undefined ...'
$username = $_SESSION['username'] ?? 'undefined (session variable expired)';
$loggedin = $_SESSION['loggedin'] ?? 'undefined (session variable expired)';
echo "Username: " . $username . "\n";
echo "Logged in flag: " . $loggedin . "\n";
?>
If all of the above session parameters are defined, try accessing the dashboard.
List cookies
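
The test page above trusts whatever session the PHPSESSID cookie points to. The following is an added example, not code from this page, of how the server side can make a copied cookie less useful: hardened cookie flags, a fresh ID at login, and a validity check before the dashboard is shown. The function names and the `client_hash` / `last_seen` session keys are hypothetical, and the 900-second idle limit is an assumed value.

```php
<?php
// Added example; function names and the client_hash/last_seen keys are hypothetical.

function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,                       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,                    // sent over HTTPS only
        'httponly' => true,                    // not readable from JavaScript
        'samesite' => 'Strict',                // not sent on cross-site requests
    ]);
    session_start();
}

// Call once, right after the credential check succeeds.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true);               // new ID; the old session data is deleted
    $_SESSION['username']    = $username;
    $_SESSION['loggedin']    = true;
    $_SESSION['client_hash'] = client_hash();
    $_SESSION['last_seen']   = time();
}

// Coarse client binding; assumed here to be the User-Agent header only.
function client_hash(): string
{
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// True only when the session is logged in, recently used, and from the same client.
function session_is_valid(int $idleLimit = 900): bool
{
    if (($_SESSION['loggedin'] ?? false) !== true) {
        return false;
    }
    $sameClient = hash_equals($_SESSION['client_hash'] ?? '', client_hash());
    $fresh      = (time() - ($_SESSION['last_seen'] ?? 0)) <= $idleLimit;
    if (!$sameClient || !$fresh) {
        session_unset();
        session_destroy();                     // the presented cookie now maps to nothing
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
```

The User-Agent binding is only a heuristic, since that header travels with every request; the cookie flags, ID regeneration and idle timeout carry most of the weight.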