The latest articles on DEV Community by Lemuel Flores (@captainskippah). https://dev.to/captainskippah https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F872147%2F1b2883b4-6038-4fb3-9fcd-eb61bb93ff04.jpeg https://dev.to/captainskippah en Lemuel Flores Wed, 08 May 2024 23:19:40 +0000 https://dev.to/captainskippah/laravel-tinker-login-as-another-user-and-generate-an-injectable-session-cookie-1nhp https://dev.to/captainskippah/laravel-tinker-login-as-another-user-and-generate-an-injectable-session-cookie-1nhp <h2> Generating session cookie </h2> <ul> <li>Enter Laravel Tinker </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan tinker </code></pre> </div> <ul> <li>Authenticate </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1"># Login using id</span> <span class="nf">auth</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">loginUsingId</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="c1"># Login using a user instance</span> <span class="nf">auth</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">login</span><span class="p">(</span><span class="nc">User</span><span class="o">::</span><span class="nf">where</span><span class="p">(</span><span class="s1">'email'</span><span class="p">,</span> <span class="s1">'foo@bar.com'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">first</span><span class="p">())</span> </code></pre> </div> <ul> <li>Save the session </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nf">session</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">save</span><span class="p">()</span> </code></pre> </div> <p>If you are not using <code>EncryptedCookie</code> for some reason, you can stop at this step and proceed to injecting the session id to your session cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nf">session</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getId</span><span class="p">()</span> </code></pre> </div> <ul> <li>Generate the cookie value that is about to get encrypted </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">\Illuminate\Cookie\CookieValuePrefix</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="nf">config</span><span class="p">(</span><span class="s1">'session.cookie'</span><span class="p">),</span> <span class="nf">app</span><span class="p">(</span><span class="nc">\Illuminate\Contracts\Encryption\Encrypter</span><span class="o">::</span><span class="n">class</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">getKey</span><span class="p">())</span><span class="mf">.</span><span class="nf">session</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getId</span><span class="p">()</span> </code></pre> </div> <ul> <li>Generate the encrypted cookie value</li> </ul> <p>It is highly likely the 2nd parameter here is always <code>false</code> for everyone. If not, then you probably know what you are doing.</p> <p>Here is the reference: <a href="https://github.com/laravel/framework/blob/v11.7.0/src/Illuminate/Cookie/Middleware/EncryptCookies.php#L187-L189">https://github.com/laravel/framework/blob/v11.7.0/src/Illuminate/Cookie/Middleware/EncryptCookies.php#L187-L189</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nf">app</span><span class="p">(</span><span class="nc">\Illuminate\Contracts\Encryption\Encrypter</span><span class="o">::</span><span class="n">class</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">encrypt</span><span class="p">(</span><span class="o">&lt;</span><span class="n">value</span> <span class="n">from</span> <span class="n">previous</span> <span class="n">step</span><span class="o">&gt;</span><span class="p">,</span> <span class="kc">false</span><span class="p">)</span> </code></pre> </div> <ul> <li>urlencode it or simply just replace the <code>=</code> at the end with <code>%3D</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nb">urlencode</span><span class="p">(</span><span class="o">&lt;</span><span class="n">value</span> <span class="n">from</span> <span class="n">previous</span> <span class="n">step</span><span class="o">&gt;</span><span class="p">)</span> </code></pre> </div> <ul> <li>You can now proceed to injecting the generated string to the browser</li> </ul> <h2> Injecting session cookie to the browser </h2> <ul> <li>Open your website e.g <a href="http://localhost">http://localhost</a> </li> <li>Open devtools</li> <li>Open Application tab</li> <li>Open Storage &gt; Cookies &gt; your website (e.g <a href="http://localhost">http://localhost</a>)</li> <li>Double click on the value column of the session cookie (e.g laravel_session)</li> <li>Paste the value from Generate step</li> <li>Refresh the page</li> </ul> laravel