Why Cookie should expire immediately when session is destroyed

March 2, 2018

Imagine this: you were at an airport or hotel, you logged in to a web page using a public computer, then you logged out and went away. Someone came over and copied your cookie, and he can restore the session on another PC/laptop. Here’s how you do it:

1: Download and install the “Edit This Cookie” plugin. Log in to a web page to test; in this tutorial I will demonstrate on DotNetNuke:

2: Click on the Edit This Cookie icon.

3: Click on Export.

4: Now, I am going to open another browser from another PC, notice I am not currently logged in:

5: Click on Edit This Cookie, then select Import:

6: Press Ctrl-V to paste, then click on the tick:

7: Finally, refresh the page. In this screenshot, you can see I can log in as a superuser without providing the credentials!

The purpose of this write-up is to remind you to be extremely careful when using a public PC or even an office PC.
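The fix the title asks for sits on the server side. The sketch below is an added example, not code from this post or from DotNetNuke. It assumes the weak site issues a self-contained signed cookie and that logout only clears the browser's copy, and it compares that with a server-side session store whose logout deletes the record. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # server signing key, constructed for this demo


class StatelessTicketAuth:
    """Weak: the cookie is a self-contained signed ticket and the server
    keeps no record of it, so logout cannot revoke a copy."""

    def login(self, user):
        sig = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
        return f"{user}.{sig}"

    def logout(self, cookie):
        return None  # only the browser's copy is cleared; server state is unchanged

    def whoami(self, cookie):
        user, _, sig = cookie.rpartition(".")
        good = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
        return user if hmac.compare_digest(sig, good) else None


class ServerSideSessionAuth:
    """Hardened: the cookie is a random ID looked up in a server-side store;
    logout deletes the record, so an exported copy stops working."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def logout(self, cookie):
        self._sessions.pop(cookie, None)  # destroy the session on the server

    def whoami(self, cookie):
        return self._sessions.get(cookie)


def replay_after_logout(auth, user="host"):
    """Keep a copy of the cookie, log out, then present the copy again."""
    cookie = auth.login(user)
    copied = cookie              # what the export in step 3 captures
    auth.logout(cookie)
    return auth.whoami(copied)   # identity the server still grants to the copy
```

With the stateless ticket the copied cookie still resolves to the user after logout; with the server-side store it resolves to nobody.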

Thanks for reading!
