Shahriar Shatil

Dec 11, 2024 • 2 min read

Engineering of Small Things #2

Cookies!

I love it, you love it, Google loves it, third-party companies that steal your data love it as well!

Although I have worked with session-based authentication before, I have always wondered how it works on a fundamental level.

Recently I came across a task where I had to access & use cookies to log in to a site for "research purposes".

So anyway!

I needed to load & change a website's cookies to sign into another session. That got me wondering how cookies actually work.

I first had a cookies file saved from another session. Basically, each time I (the user) log in from any device, it creates a session token. Think of session tokens like keys for your website. There's a lot of other stuff that's created, like session_id, puid, etc. What's important is that all these things function as a unique identifier so that only the specific user can access the website. Now if we want to log in to this same session, we would simply need to:

- Scrape the cookies from this session

- Go to a different device or browser where another user is logged in

- Then paste in the cookies from our previous session

- Finally refresh the site

- And voilà! We just logged into someone's account using their cookies! (Do Not Try This at Home and please don't mention my name if you do try)

I used the Cookie-Editor extension for this task.

- First I copied the cookie files from my previous session

- Then went to the where I need to log in

- Opened Cookie-Editor & just pasted in the entire text from the cookie file of my previous session

Another important thing is the added safety of session expiry. After some time cookies will expire & you will have to log in again. This ensures no one else snoops into your account.
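What this looks like from the server's side, as an added example that is not part of the original post: a minimal in-memory session store showing that the server only checks the cookie value, so any browser presenting it is treated as the same user until the session expires. The class name, method names and the 30-minute lifetime are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_TTL = 1800  # seconds; assumed lifetime for this example


class SessionStore:
    """Hypothetical server-side table mapping session ids to users."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock    # injectable so expiry can be exercised
        self.sessions = {}    # session_id -> (username, expires_at)

    def login(self, username):
        """Create a session and return the Set-Cookie header value."""
        sid = secrets.token_urlsafe(32)  # unguessable random identifier
        self.sessions[sid] = (username, self.clock() + self.ttl)
        cookie = SimpleCookie()
        cookie["session_id"] = sid
        morsel = cookie["session_id"]
        morsel["max-age"] = self.ttl     # browser-side expiry
        morsel["httponly"] = True        # not readable by page JavaScript
        morsel["secure"] = True          # only sent over HTTPS
        morsel["samesite"] = "Lax"
        morsel["path"] = "/"
        return morsel.OutputString()

    def authenticate(self, cookie_header):
        """Return the username for a request's Cookie header, or None."""
        jar = SimpleCookie()
        try:
            jar.load(cookie_header)
        except CookieError:
            return None
        if "session_id" not in jar:
            return None
        sid = jar["session_id"].value
        entry = self.sessions.get(sid)
        if entry is None:
            return None                  # unknown or guessed id
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self.sessions[sid]       # server-side expiry: log in again
            return None
        # Nothing here identifies the device: the cookie alone is the key.
        return username
```

Expiry is enforced twice here: the browser drops the cookie after Max-Age, and the server rejects the id after the same interval even if a copy of the cookie was kept elsewhere.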

Now, this blog isn't meant as a high-level overview; it's just something I found pretty interesting, is all. So I made a short diagram for how cookie-based authentication works as well!

I used Excalidraw for diagramming.

Happy Coding!

Check out my dev.to article if you're interested: https://dev.to/siren/engineering-of-small-things-2-cookies-43b2
