I’m studying security in web applications.
For educational purposes, I logged on to my Facebook page and copied my active session cookie obtained from document.cookie, then I opened another browser, went to the main Facebook page (logged out) and set document.cookie = my active session cookie string in the other browser.
It didn’t work. So I downloaded an extension to inject cookies manually. I copied all the cookies of my active session and put them into the extension in the other browser, and that also did not work.
My logic was simple: with a valid active session ID set in document.cookie, the server should take me inside the user page when I refresh.
My question is: at what point is my logic wrong and why?
no one........?
– ropbla9
Maybe Facebook uses browser data to sign cookies. I have already done this myself.
– Alexandre
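The mechanism suggested in the comment above, sketched from the server's side as an added example. It is not part of the original thread and not Facebook's code; the key, function names, session ID and User-Agent strings are all hypothetical and constructed for illustration. The server signs the session ID together with a piece of browser data, so the same cookie presented by a different browser fails verification.

```javascript
// Added illustration: a session cookie whose signature covers browser data.
// All names and values here are assumptions, not taken from any real site.
const crypto = require('crypto');

const SERVER_KEY = crypto.randomBytes(32); // hypothetical server-side secret

// Constructed sample User-Agent strings for two different browsers.
const UA_BROWSER_A = 'ExampleBrowser/1.0 (constructed sample A)';
const UA_BROWSER_B = 'OtherBrowser/2.0 (constructed sample B)';

// Issue "<sessionId>.<hmac>", where the HMAC covers the session ID and the
// User-Agent seen at login. The NUL byte keeps the two fields unambiguous.
function issueCookie(sessionId, userAgent) {
  const mac = crypto.createHmac('sha256', SERVER_KEY)
    .update(sessionId).update('\0').update(userAgent)
    .digest('hex');
  return `${sessionId}.${mac}`;
}

// Recompute the HMAC with the User-Agent of the *current* request and compare
// in constant time. Returns the session ID on success, null otherwise.
function verifyCookie(cookie, userAgent) {
  const dot = cookie.lastIndexOf('.');
  if (dot < 1) return null; // no signature part at all
  const sessionId = cookie.slice(0, dot);
  const expected = Buffer.from(issueCookie(sessionId, userAgent));
  const presented = Buffer.from(cookie);
  if (presented.length !== expected.length) return null;
  return crypto.timingSafeEqual(presented, expected) ? sessionId : null;
}

// Same cookie, two browsers: accepted where it was issued, rejected elsewhere.
function demo() {
  const cookie = issueCookie('sess-123', UA_BROWSER_A);
  return {
    originalBrowser: verifyCookie(cookie, UA_BROWSER_A), // 'sess-123'
    otherBrowser: verifyCookie(cookie, UA_BROWSER_B),    // null
  };
}
```

A User-Agent is not a secret, so a binding like this supplements other session protections (for example the HttpOnly and Secure cookie flags and server-side expiry) rather than replacing them.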