ShatilKhan

Engineering of Small Things #2: Cookies

Cookies!
I love them, you love them, Google loves them, and third-party companies that steal your data love them as well!

Although I have worked with session-based authentication before, I have always wondered how it works on a fundamental level.

Recently I came across a task where I had to access and use cookies to log in to a site for "research purposes".


So anyway!

I needed to load and change a website's cookies to sign into another session. That got me wondering how cookies actually work.

I first had a cookies file saved from another session. Basically, each time I (the user) log in from any device, the site creates a session token. Think of session tokens like keys for your website. Other values are created as well, such as `session_id`, `puid`, etc. What's important is that all of these function as a unique identifier so that only the specific user can access the website. Now, if we want to log in to this same session, we would simply need to:

  • Scrape the cookies from this session
  • Go to a different device or browser where another user is logged in
  • Paste in the cookies from our previous session
  • Finally, refresh the site
  • And voilà! We just logged into someone's account using their cookies! (Do Not Try This at Home and please don't mention my name if you do try)

I used the Cookie-Editor extension for this task.

  • First, I copied the cookie files from my previous session
  • Then I went to where I needed to log in
  • Opened Cookie-Editor and just pasted in the entire text from the cookie file of my previous session

Another important thing is the added safety of session expiry. After some time, cookies will expire and you will have to log in again. This ensures no one else snoops into your account.
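The server side of the flow described above, as an added sketch that is not code from the original post: it shows why a copied session cookie is accepted from any browser, how expiry cuts it off, and how the cookie flags and an optional client binding narrow the exposure. The `SessionStore` class, the 900-second lifetime and the `fingerprint` argument (some stable per-client value the server derives) are assumptions made for illustration, and it goes slightly beyond the post by including the binding check.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900  # seconds; assumed lifetime for this sketch


class SessionStore:
    """Server-side table: session token -> (user, expiry, client fingerprint)."""

    def __init__(self, bind_to_client=False):
        self.bind_to_client = bind_to_client
        self._sessions = {}

    def login(self, user, fingerprint, now=None):
        """Create a session; return the Set-Cookie header value."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable bearer value
        self._sessions[token] = (user, now + SESSION_TTL, fingerprint)
        cookie = SimpleCookie()
        cookie["session_id"] = token
        morsel = cookie["session_id"]
        morsel["httponly"] = True      # hidden from page scripts
        morsel["secure"] = True        # sent over HTTPS only
        morsel["samesite"] = "Lax"     # withheld on most cross-site requests
        morsel["max-age"] = SESSION_TTL
        morsel["path"] = "/"
        return morsel.OutputString()

    def authenticate(self, cookie_header, fingerprint, now=None):
        """Return the user for a request's Cookie header, or None."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        jar.load(cookie_header)
        morsel = jar.get("session_id")
        record = self._sessions.get(morsel.value) if morsel is not None else None
        if record is None:
            return None  # unknown or missing token
        user, expires, bound_fp = record
        if now >= expires:
            del self._sessions[morsel.value]  # expired: log in again
            return None
        if self.bind_to_client and not secrets.compare_digest(bound_fp, fingerprint):
            del self._sessions[morsel.value]  # presented by another client: revoke
            return None
        return user
```

With `bind_to_client=False` the token alone decides who the request belongs to, which is the behaviour the steps above rely on; with binding enabled, a mismatch revokes the session so the legitimate user is forced through a fresh login.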

Now, this blog isn't meant as a high-level overview; it's just something I found pretty interesting, is all. So I made a short diagram of how cookie-based authentication works as well!
I used Excalidraw for the diagramming.

[Diagram: how cookie-based authentication works]

Happy Coding!
